Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: offexp1.htm

Offline Explorer remote directory traversal vulnerability



Vulnerability

    Offline Explorer

Affected

    Offline Explorer 1.0...1.2

Description

    Following  was  found  by  Wyzewun  and  publicized  in  Forbidden
    Knowledge Ezine 9  on May 19,  2000.  By  default Offline Explorer
    listens on port  800 on which  a remote user  can gain read-access
    to a remote host's web cache and from there directory traverse.

    Performing a GET request containing "../..\" will allow the remote
    user to browse the cache and the upper directory structure.

    The download directory is accessible via the internal Web  server.
    It is the only  accessible area.  However,  in versions 1.0 -  1.2
    if a URL http://127.0.0.1:800/./../../ is entered, it is  possible
    to get to a directory outside the download directory.

    Exploit sample:

        GET ../..\ HTTP/1.1
        HTTP/1.0 200 OK
        Server: Web Downloader 4.1 (Win32)
        Content-Type: text/html
        Content-Length: 5048

Solution

    This problem was fixed in OE 1.3 Beta 1 version, and therefore  in
    all later versions as  well.  You can  no longer access any  areas
    outside the download directory.   The best workaround, of  course,
    would be to download latest version.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH