Bugtraq mailing list archives
directory traversal in FastStone 4in1 Browser 1.2
From: "Donato Ferrante" <fdonato () autistici org>
Date: Tue, 29 Mar 2005 18:37:48 -0000
Donato Ferrante

Application:  FastStone 4in1 Browser
              http://www.faststone.org
Version:      1.2
Bug:          directory traversal
Date:         29-Mar-2005
Author:       Donato Ferrante
e-mail:       fdonato () autistici org
web:          www.autistici.org/fdonato

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"A FREE multi-window Web Browser with a built-in Web Server."

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

By default the program checks HTTP requests for the malicious pattern
"/../", but it does not handle the equivalent patterns "\..\", "../" or
"/.../". An attacker can therefore view and download any file on the
remote system that the server process can read, simply by using a web
browser.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability:

http://[host]/.../.../.../.../.../.../windows/system.ini

or:

http://[host]/..\..\..\..\..\..\..\..\windows/system.ini

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Vendor was contacted. Bug fixed in version 1.3.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
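As an added illustration, not part of the original advisory and not FastStone's code: the Python below models the weak check the advisory describes (blocking only the literal "/../") next to a hardened resolver that percent-decodes, treats backslash as a separator, refuses any path component made only of dots (which covers the "..." form the advisory reports as working) and then canonicalises the result and confirms it still lies under the document root. The document root, the payload labels and all function names are assumptions made for the example.

```python
import os
from urllib.parse import unquote

# Assumed document root for the illustration; the advisory does not name one.
DOCROOT = "/var/www/docroot"

# The two request paths the advisory gives, plus the "../" form it also lists
# (constructed here from the advisory's patterns, keyed by an arbitrary label).
ADVISORY_PAYLOADS = {
    "dotdotdot": "/.../.../.../.../.../.../windows/system.ini",
    "backslash": "/..\\..\\..\\..\\..\\..\\..\\..\\windows/system.ini",
    "bare_dotdot": "../windows/system.ini",
}


def naive_filter_allows(request_path: str) -> bool:
    """Model of the check the advisory describes: only "/../" is blocked.

    Anything that spells the parent directory differently slips through.
    """
    return "/../" not in request_path


def resolve_safely(docroot: str, request_path: str):
    """Hardened resolver: map a request path onto docroot, or return None.

    Order matters: decode first, normalise separators, reject dot-only
    components, then canonicalise and check containment on the result.
    """
    path = unquote(request_path)          # "%2e%2e" becomes ".." before any check
    path = path.replace("\\", "/")        # the target is a Windows host: "\" separates too
    parts = [p for p in path.split("/") if p != ""]
    for part in parts:
        # Refuse "..", and also "..." / "...." as reported in the advisory;
        # a bare "." is refused as well, which costs nothing.
        if part.strip(".") == "":
            return None
    root = os.path.realpath(docroot)
    candidate = os.path.realpath(os.path.join(root, *parts))
    # Belt and braces: even if a component slipped past, it must stay under root.
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


def evaluate(paths=ADVISORY_PAYLOADS, docroot=DOCROOT):
    """Return {label: (naive_filter_allows, hardened_resolver_allows)}."""
    return {
        label: (naive_filter_allows(p), resolve_safely(docroot, p) is not None)
        for label, p in paths.items()
    }


if __name__ == "__main__":
    for label, (naive, hardened) in evaluate().items():
        print(f"{label:12s} naive filter: {'PASS' if naive else 'BLOCK'}   "
              f"hardened resolver: {'PASS' if hardened else 'BLOCK'}")
```

Run stand-alone it prints one line per payload; every advisory pattern passes the naive filter and is refused by the hardened resolver. The lesson the example tries to make concrete is that a denylist of one spelling of ".." is the wrong shape of check: decode and canonicalise first, then decide on the canonical path, and keep the containment test as a second line even after the component check.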