Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Unix :: General :: unix5660.htm

Blazix 1.2 jsp view and free protected folder access
26th Aug 2002 [SBWID-5660]

		Blazix jsp view and free protected folder access


		Blazix 1.2 and previous


		In Auriemma Luigi, PivX [] security advisory :

		The bug I want to describe is one of the most diffused problems  in  the
		current applications. It is the problem that have some operating  sytems
		API that  open  files  without  checking  some  character  that  can  be
		attached to the file name. In Blazix the "bad" characters  are  '+'  and
		'\' (NOT %2b and %5c).

		With this bug we can view all the server side scripts in  it  and,  more
		dangerous, we have free access to the password protected folders.

		Attention because the version 1.2.1 (released for some  days)  is  still
		vulnerable to the "password protected folder access" (only the jsp  view
		has been fixed in this release).

		A] Jsp view examples:\



		B] Free protected folder access examples (bugtest is  a  folder  that  I
		have created and protected with a password):\/


		If you don't have a  protected  folder  you  can  quickly  follow  these
		simple steps:

		   a) make a new folder called bugtest in webfiles

		   b) copy webfiles\index.html in webfiles\bugtest\index.html

		   c) add "role.user.url: /bugtest/*" in web.ini file

		   d) close and restart the web server for load the new settings




		The Blazix team has patched  the  server  and  you  can  see  your  real
		version in the Readme.txt file in the Blazix  folder  (it  is  the  ONLY
		place  where  is  written  the  real  version).  Blazix  1.2.2  can   be
		downloaded from its homepage:



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH