Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Windows Net Apps :: offexp1.htm

Offline Explorer remote directory traversal vulnerability

    Offline Explorer


    Offline Explorer 1.0...1.2


    Following  was  found  by  Wyzewun  and  publicized  in  Forbidden
    Knowledge Ezine 9  on May 19,  2000.  By  default Offline Explorer
    listens on port  800 on which  a remote user  can gain read-access
    to a remote host's web cache and from there directory traverse.

    Performing a GET request containing "../..\" will allow the remote
    user to browse the cache and the upper directory structure.

    The download directory is accessible via the internal Web  server.
    It is the only  accessible area.  However,  in versions 1.0 -  1.2
    if a URL is entered, it is  possible
    to get to a directory outside the download directory.

    Exploit sample:

        GET ../..\ HTTP/1.1
        HTTP/1.0 200 OK
        Server: Web Downloader 4.1 (Win32)
        Content-Type: text/html
        Content-Length: 5048


    This problem was fixed in OE 1.3 Beta 1 version, and therefore  in
    all later versions as  well.  You can  no longer access any  areas
    outside the download directory.   The best workaround, of  course,
    would be to download latest version.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH