Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: sendtemp.htm

W3.ORGS directory traversal vulnerability




    Tom Parker found following.  Follows are details of a vunerability
    Tom recently  discovered in  W3.ORGS   A part  of the
    Amaya  Web   development  server   contains  a   file   disclosure
    vulnerability, which allows  remote, read access  to files on  the
    servers file system,  as whichever  UID the httpd is running as.

    The  Vulnerability  is  really  quite  simple.   When  the `templ`
    argument  is  past  to  it  adds a link to the chosen
    stylesheet and a META field  containing the publication's  URL  of
    the new file to the chosen template.  For example:


    This is all well and  good, however.. There is no  sanity checking
    on the param you pass to the script..  ie:

        my $temp_file = param("templ");

    So by simply issuing a GET to (for example):


    The systems file system can  be traversed and the passwd  file can
    be read (Assuming the http daemon hasn't been run under chroot()).

    The below URL contains a simple exploit, although its just as easy
    to use your browser:


    Note that are aware of this problem as of 12/01/01.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH