Tiny Server Directory Traversal Vulnerability
BID:52541
Info
| Bugtraq ID: | 52541 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 17 2012 12:00AM |
| Updated: | Mar 17 2012 12:00AM |
| Credit: | KaHPeSeSe |
| Vulnerable: | Tiny Server Tiny Server 1.1.5 |
| Not Vulnerable: | |
Discussion
Tiny Server is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.
Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
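The missing input check, sketched as an added example (not Tiny Server's code and not a vendor fix): a request-path resolver that decodes the path once, refuses '../' segments, and confirms the canonical result stays under the document root. The function name, exception class and the /srv/www root are assumptions made for illustration.

```python
import os
from urllib.parse import unquote


class TraversalError(ValueError):
    """The request path would resolve outside the document root."""


def resolve_request_path(docroot, request_target):
    """Map an HTTP request target to a file path confined to docroot."""
    # Only the path component names a file; drop query string and fragment.
    path = request_target.split("?", 1)[0].split("#", 1)[0]
    # Decode percent-escapes exactly once, before any check, so encoded
    # dot segments are seen in the same form the filesystem will see.
    path = unquote(path)
    if "\x00" in path:
        raise TraversalError("NUL byte in path")
    # Windows accepts both separators, so treat '\' like '/'.
    segments = [s for s in path.replace("\\", "/").split("/") if s not in ("", ".")]
    for seg in segments:
        # Refuse parent references and drive/stream syntax outright
        # instead of trying to strip them out of the string.
        if seg == ".." or ":" in seg:
            raise TraversalError("forbidden path segment: %r" % seg)
    root = os.path.realpath(docroot)
    candidate = os.path.realpath(os.path.join(root, *segments))
    # Final containment check on the canonical path; this also catches
    # symlinks inside docroot that point elsewhere.
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError("path resolves outside document root")
    return candidate


if __name__ == "__main__":
    # Constructed sample requests; /srv/www is a placeholder document root.
    for target in ("/index.html", "/docs/../../etc/passwd"):
        try:
            print(target, "->", resolve_request_path("/srv/www", target))
        except TraversalError as exc:
            print(target, "-> rejected:", exc)
```

Rejecting the request is deliberate: stripping '../' from the string and continuing tends to leave a bypass in whatever form the filter did not anticipate.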
Exploit / POC
An attacker can exploit the issue through a browser.
The following exploit is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].