Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: web5532.htm

GoAhead Web Server Directory Traversal + Cross Site Scripting
11th Jul 2002 [SBWID-5532]

	GoAhead Web Server Directory Traversal + Cross Site Scripting


	GoAhead Web Server v2.1


	In  Matt   Moore   []   advisory   [ID#:wp-02-0001]
	[] :

	 Cross Site Scripting via 404 messages.



	GoAhead quotes back the requested URL when responding with a 404.  Hence
	it is possible to perform cross-site scripting attacks, e.g:



	 Read arbitrary files from the server running GoAhead(Directory Traversal)



	GoAhead is vulnerable to a directory traversal bug. A request such as



	results in an error message \'Cannot open URL\'.

	However, by encoding the \'/\' character, it is possible  to  break  out
	of the web root and read  arbitrary  files  from  the  server.  Hence  a
	request like:



	returns thecontents of the win.ini file.


	None yet

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH