[VIM] Verified: dot in Miniwebsvr 0.0.6

Heinbockel, Bill heinbockel at mitre.org
Tue Feb 13 10:32:47 EST 2007


Research: bl4ck
BUGTRAQ:20070211 Miniwebsvr 0.0.6 - Directory traversal

In src/server.c (lines 221-229):

    // Check for sub-root hacking, If found send a forbidden.
    if (strstr(filename,"../")!=NULL)
    {
        strlcat(inst->logbuffer," ;",SERVER_BUFFER_SIZE);
        setHeader_respval(inst,403);  // Forbidden
        printHeader(inst,headeronly,Buffer,SEND_BUFFER_SIZE); // No need to read

        goto serverquit;
    }


So only a directory traversal of .. will work.


William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
781-271-2615
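Added illustration, not part of the message above and not Miniwebsvr's code: a hypothetical reimplementation of the quoted strstr("../") check placed beside a component-wise check, both run over constructed request paths. It shows which spellings of the parent directory slip past a literal "../" match (a backslash separator, a trailing ".." with no slash after it, a percent-encoded slash). Whether Miniwebsvr decodes the path before the quoted check is not stated in the post; the hardened variant here decodes first, which is an assumption about where such a check belongs, not a description of the project.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Reproduction of the quoted check: reject only if the literal byte
 * sequence "../" occurs somewhere in the request path. Any other
 * spelling of the parent directory gets through. (Added example,
 * not Miniwebsvr's code.) */
static int strstr_check_rejects(const char *filename)
{
    return strstr(filename, "../") != NULL;
}

static int hexval(int c)
{
    if (c >= '0' && c <= '9')
        return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f')
        return c - 'a' + 10;
    return -1;
}

/* Decode %XX sequences from in into out (outsz bytes).
 * Returns 0 on success, -1 on a malformed escape or overflow. */
static int percent_decode(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        int c = (unsigned char)in[i];
        if (c == '%') {
            int hi = hexval((unsigned char)in[i + 1]);
            int lo = (hi < 0) ? -1 : hexval((unsigned char)in[i + 2]);
            if (lo < 0)
                return -1;
            c = hi * 16 + lo;
            i += 2;
        }
        if (o + 1 >= outsz)
            return -1;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* Hardened variant (assumption: decoding happens before the check).
 * Decode, then split on '/' and '\\' and refuse any component that is
 * exactly "..". Catches "..\\", a trailing "..", and "..%2f". */
static int component_check_rejects(const char *filename)
{
    char decoded[1024];
    if (percent_decode(filename, decoded, sizeof decoded) != 0)
        return 1; /* malformed encoding: refuse rather than guess */
    const char *p = decoded;
    while (*p) {
        const char *start = p;
        while (*p && *p != '/' && *p != '\\')
            p++;
        if (p - start == 2 && start[0] == '.' && start[1] == '.')
            return 1;
        if (*p)
            p++;
    }
    return 0;
}

int main(void)
{
    /* Constructed request paths for the demonstration, not from the advisory. */
    const char *samples[] = {
        "../etc/passwd",
        "..\\..\\windows\\win.ini",
        "images/..",
        "..%2f..%2fetc%2fpasswd",
        "docs/index.html",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s strstr:%s  component:%s\n", samples[i],
               strstr_check_rejects(samples[i]) ? "403" : "pass",
               component_check_rejects(samples[i]) ? "403" : "pass");
    return 0;
}
```

A component check is still only a filter on the request string; the check a practitioner actually wants is to resolve the final path against the document root (realpath or equivalent) and refuse anything that lands outside it, which this example does not do because it has no filesystem to resolve against.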

