Reported September 18, 2003, by Bahaa Naamneh.

 

 

VERSIONS AFFECTED

 

  • Plug & Play Software' s Plug & Play Web Server for Windows

 

DESCRIPTION

 

<span style="font-family:Verdana">A vulnerability in Plug & Play Software's Plug & Play Web Server for Windows can result in unauthorized read access to any file located on the vulnerable server. By using the "../" or "..\" string in a URL, an attacker can gain read access to any file that resides outside the intended Web-published file system directory.</h3>

 

DEMONSTRATION

 

The discoverer posted the following code as proof of concept:

 

Examples:

 

---------

 

http://localhost/../../autoexec.bat

 

http://localhost/../../windows/win.ini

 

http://localhost/../../  \[show the files and the folders in C drive - if the 'Show Directory list when homepage does not exist' option is active.\]

 

VENDOR RESPONSE

 

<span style="font-family:Verdana"><a href="http://www.pandpsoftware.com/" style="color: blue; text-decoration: underline; text-underline: single">Plug & Play Software</a> has been notified.</h3>

 

CREDIT                                                                                                       
Discovered by Bahaa Naamneh.