AOH :: Web :: Servers :: B06-4767.HTM

AOH :: Web :: Servers :: B06-4767.HTM
Busy box httpd file traversal vulenrability

Busy box httpd file traversal vulenrability Busy box httpd file traversal vulenrability


a file traversal attack is possible in busybox's http daemon when you send a url encoded slash like this http://attacked-host//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd I have tested with busy box 1.01 and I dont know if other versions are vulenrable

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.