[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: directory traversal in FastStone 4in1 Browser 1.2
From: "Donato Ferrante" <fdonato () autistici ! org>
Date: 2005-03-29 18:37:48
Message-ID: 20050329183748.33FB415800B () chernobyl ! investici ! org
[Download RAW message or body]
Donato Ferrante
Application: FastStone 4in1 Browser
http://www.faststone.org
Version: 1.2
Bug: directory traversal
Date: 29-Mar-2005
Author: Donato Ferrante
e-mail: fdonato@autistici.org
web: www.autistici.org/fdonato
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
1. Description
2. The bug
3. The code
4. The fix
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
----------------
1. Description:
----------------
Vendor's Description:
"A FREE multi-window Web Browser with a built-in Web Server."
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
2. The bug:
------------
The program by default has some checks to avoid malicious patterns
like "/../" into http requests, but it doesn't manage patterns like:
"\..\", "../" or "/.../".
So an attacker is able to see and download all the files on the remote
system simply using a browser.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-------------
3. The code:
-------------
To test the vulnerability:
http://[host]/.../.../.../.../.../.../windows/system.ini
or:
http://[host]/..\..\..\..\..\..\..\..\windows/system.ini
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
4. The fix:
------------
Vendor was contacted.
Bug fixed in the version 1.3.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic