uhttp Server 0.1.0-alpha – Directory Traversal

  • Author: Salvatore Fresta
    Date: 2010-03-23
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/11856/
  • uhttp Server Path Traversal Vulnerability
    
     Name              uhttp Server
     Vendor            http://uhttps.sourceforge.net
     Versions Affected 0.1.0-alpha
    
     Author            Salvatore Fresta aka Drosophila
     Website           http://www.salvatorefresta.net
     Contact           salvatorefresta [at] gmail [dot] com
     Date              2010-03-10
    
    X. INDEX
    
     I.   ABOUT THE APPLICATION
     II.  DESCRIPTION
     III. ANALYSIS
     IV.  SAMPLE CODE
     V.   FIX
     VI. DISCLOSURE TIMELINE
     
    
    I. ABOUT THE APPLICATION
    
    An ultra lightweight webserver with a very small memory
    usage.
    
    
    II. DESCRIPTION
    
    Bad chars are not properly sanitised.
    
    
    III. ANALYSIS
    
    Summary:
    
     A) Path Traversal
    
    A) Path Traversal
    
    The problem is in the management of the bad chars that can
    be used to launch some attacks, such as the directory
    traversal.
    The path traversal sequence ('../') is not checked, so it
    can be used for seeking the directories of the affected
    system.
    
    
    IV. SAMPLE CODE
    
    The following is a simple example:
    
    GET /../../../../../../etc/passwd HTTP/1.1
    
    In this example, the daemon has been started from the following
    path: /home/drosophila/downloads/uhttps/src
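    The following Python is an added illustration, not code from the uhttp
    project or from the advisory author. It takes the advisory's sample
    request line and document root and shows, purely as string arithmetic
    with no filesystem access, how an unchecked request-target walks out of
    the document root, next to a resolver that refuses the request. The
    file names and the helper names (parse_request_target, naive_resolve,
    safe_resolve) are assumptions made for the example.

```python
import posixpath
from urllib.parse import unquote

# Document root taken from the advisory's example; everything else is constructed.
DOC_ROOT = "/home/drosophila/downloads/uhttps/src"


def parse_request_target(request_line: str) -> str:
    """Extract the request-target from an HTTP request line such as
    'GET /index.html HTTP/1.1'. Raises ValueError on a malformed line."""
    parts = request_line.strip().split(" ")
    if len(parts) != 3 or not parts[1].startswith("/"):
        raise ValueError("malformed request line: %r" % request_line)
    return parts[1]


def naive_resolve(doc_root: str, target: str) -> str:
    """The unsafe pattern the advisory describes: the request-target is glued
    onto the document root and normalised, so '..' segments walk out of it.
    (String arithmetic only; nothing is read from disk.)"""
    return posixpath.normpath(doc_root + target)


def safe_resolve(doc_root: str, target: str):
    """Map a request-target to a path inside doc_root, or return None when
    the request must be refused. Two independent layers: reject any '..'
    segment after percent-decoding, then verify the normalised result is
    still under the root. A real server would also apply os.path.realpath
    to defeat symlinks; that is omitted so the example stays offline."""
    # Drop the query string, then decode exactly once so '%2e%2e' is seen
    # as '..' (decoding twice would re-open the hole for double encoding).
    raw_path = target.split("?", 1)[0]
    path = unquote(raw_path)
    # NUL and backslash never belong in a request path; refuse early.
    if "\x00" in path or "\\" in path:
        return None
    # Layer 1: no path segment may be '..' (covers plain and encoded forms).
    if any(segment == ".." for segment in path.split("/")):
        return None
    # Layer 2: normalise and prove containment rather than trusting layer 1.
    root = posixpath.normpath(doc_root)
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # The advisory's sample request, embedded here as constructed input.
    sample = "GET /../../../../../../etc/passwd HTTP/1.1"
    target = parse_request_target(sample)
    print("unchecked :", naive_resolve(DOC_ROOT, target))   # escapes the root
    print("checked   :", safe_resolve(DOC_ROOT, target))    # None: refused
    print("normal    :", safe_resolve(DOC_ROOT, "/index.html"))
```

    The two layers are deliberately redundant: the segment check makes the
    refusal explicit and easy to log, while the containment check catches
    anything the first layer did not anticipate.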
    
    
    V. FIX
    
    No patch.
    
    
    VI. DISCLOSURE TIMELINE
    
    2010-03-10 Bug discovered
    2009-03-10 Advisory Release