| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Aug 2004 19:54:46 -0500 From: "GulfTech Security" <security@...ftech.org> To: <bugtraq@...urityfocus.com> Subject: Keene Digital Media Server Directory Traversal ########################################################## # GulfTech Security Research August, 25th 2004 ########################################################## # Vendor : Keene Software # URL : http://www.keenesoftware.com # Version : Keene Digital Media Server 1.0.2 # Risk : Directory Traversal Vulnerability ########################################################## Description: Keene Digital Media Server is an easy and affordable way to share all things digital with friends, family, and customers over your broadband connection. DMS turns your computer into a highly secure Web server that automatically converts your files and folders into Web pages, thumbnails, and media shows with no Web programming required. Integrated user and file access security management provide the ultimate control over your content. Directory Traversal Vulnerability: Not too long ago I saw there was a directory traversal vuln found in Keene Digital Media Server. it was fixed by the developers, but http://localhost/%2E%2E%5Csystem.log It seems that only ../ and %2E%2E/ were filtered out. If you hex encode the backslash or use a forward slash you can then traverse out of the web directory. For example I am able to grab the server log file with the above request. Related Info: The original advisory can be found at the following location http://www.gulftech.org/?node=research&article_id=00046-08252004 Solution: I contacted the developers but never received a response. Credits: James Bercegay of the GulfTech Security Research Team
Powered by blists - more mailing lists