uhttp Server Path Traversal Vulnerability

Name: uhttp Server
Vendor: http://uhttps.sourceforge.net
Versions Affected: 0.1.0-alpha
Author: Salvatore Fresta aka Drosophila
Website: http://www.salvatorefresta.net
Contact: salvatorefresta [at] gmail [dot] com
Date: 2010-03-10

X. INDEX

I.   ABOUT THE APPLICATION
II.  DESCRIPTION
III. ANALYSIS
IV.  SAMPLE CODE
V.   FIX
VI.  DISCLOSURE TIMELINE

I. ABOUT THE APPLICATION

An ultra lightweight webserver with a very small memory usage.

II. DESCRIPTION

Special characters in request paths are not properly sanitised.

III. ANALYSIS

Summary:

 A) Path Traversal

A) Path Traversal

The problem lies in the handling of special characters that can be used to launch attacks such as directory traversal. The path traversal sequence ('../') is not checked, so it can be used to reach directories of the affected system outside the server's document root.

IV. SAMPLE CODE

The following is a simple example:

GET /../../../../../../etc/passwd HTTP/1.1

In this example, the daemon has been started in the following path:

/home/drosophila/downloads/uhttps/src

V. FIX

No patch.

VI. DISCLOSURE TIMELINE

2010-03-10 Bug discovered
2009-03-10 Advisory Release
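As an added defensive example, not part of the original advisory and not uhttp's own code, the following C function shows the check the server is missing: it lexically normalises a request path against the document root and refuses any request whose ".." segments would climb above that root. The function name, the second document root and the extra sample paths are assumptions chosen for illustration; the request and daemon path in the demonstration come from the advisory above. Percent-decoding of the URI must happen before this check, otherwise an encoded ".." would bypass it, and the resulting path should still be opened under the server's normal least-privilege file permissions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not uhttp's code): build the filesystem path for a
 * request URI under `docroot`, resolving "." and ".." lexically.
 * Returns 1 and writes the normalised absolute path to `out` if the request
 * stays inside the document root; returns 0 if it must be refused (it tries
 * to climb above the root, is malformed, or does not fit in `out`). */
int resolve_under_docroot(const char *docroot, const char *uri,
                          char *out, size_t outlen)
{
    size_t seg_start[64];   /* offsets where each emitted segment begins */
    int depth = 0;          /* number of segments currently below docroot */
    size_t len;

    if (docroot == NULL || uri == NULL || uri[0] != '/')
        return 0;

    len = strlen(docroot);
    if (len == 0 || len + 1 >= outlen)
        return 0;
    memcpy(out, docroot, len);
    /* Drop any trailing slash so segments are always joined with one '/'. */
    while (len > 1 && out[len - 1] == '/')
        len--;
    out[len] = '\0';

    const char *p = uri;
    while (*p) {
        while (*p == '/')           /* collapse repeated slashes */
            p++;
        if (!*p)
            break;
        const char *end = p;
        while (*end && *end != '/')
            end++;
        size_t seglen = (size_t)(end - p);

        if (seglen == 1 && p[0] == '.') {
            /* "." refers to the current directory: nothing to do */
        } else if (seglen == 2 && p[0] == '.' && p[1] == '.') {
            /* ".." with no segment left to pop would leave the docroot */
            if (depth == 0)
                return 0;
            depth--;
            len = seg_start[depth];
            out[len] = '\0';
        } else {
            if (depth >= 64 || len + 1 + seglen >= outlen)
                return 0;
            seg_start[depth++] = len;
            out[len++] = '/';
            memcpy(out + len, p, seglen);
            len += seglen;
            out[len] = '\0';
        }
        p = end;
    }
    return 1;
}

int main(void)
{
    /* Daemon path and request taken from the advisory's sample. */
    const char *docroot = "/home/drosophila/downloads/uhttps/src";
    const char *attack = "/../../../../../../etc/passwd";
    const char *normal = "/index.html";          /* constructed sample */
    char path[512];

    if (resolve_under_docroot(docroot, attack, path, sizeof path))
        printf("served: %s\n", path);
    else
        printf("refused: %s\n", attack);          /* expected outcome */

    if (resolve_under_docroot(docroot, normal, path, sizeof path))
        printf("served: %s\n", path);
    return 0;
}
```

The check is purely lexical, so it gives the same verdict regardless of what exists on disk; a server may additionally compare the result against realpath() of the document root to defend against symbolic links that point outside it.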