lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed Jan 11 02:26:47 2006
From: hwclock at gmail.com (hwclock)
Subject: IronWall webserver remote file access.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IronWall webserver 7.41 directory traversal


[-
## Software ##

App: IronWall Webserver
Version: 7.41 estable (others not tested)
Platform: win32


## Background ##

Ironwall webserver is a small web server for win32 systems.
It can be downloaded totally free at softonic/tucows, and their devels seems
to be out of order.


##  Vulns ##

1.- If its installed with default options, it shows any file in any drive of
the computer where is installed,
because there is no root path already defined.

Sample:
http://www.server.com/path/to/file.ext

This is not a bug, but it's a big security problem.

2.- When root path is defined, you still have access to full drives. Just
add 3 or more dots (...) as path
in the url. This set the drive where installed as root path, and gives
access to every files.

Sample:
http://www.server.com/...../path/to/file.ext


## Vendor status ##

Vendor was notified on 2005-12-08 without answer.
- -]


note: softonic at 03/09/2005 (19.886 downloads), 2nd pos sorted by
downloads.

* thanks to make-bzimage.net *

* M4ntr4... we known your're reading it!. *

zdump (at) make-bzimage (dot) net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFDxGTcICM1ozzFv7sRAg2UAKCARky1hT/z0hlrOYtI7oHmQGWqyQCfXCSG
oxbVdYiRv1cGSDZieXCwUqg=
=pM7s
-----END PGP SIGNATURE-----

--
hwclock (at) gmail (dot) com
GPG ID: 0x3CC5BFBB
GPG Srv: pgp.rediris.es
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060111/d6879d5f/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ