Reported January 19, 2001, by Strumpf Noir

VERSIONS AFFECTED
  • LocalWeb 2000 1.1.0

DESCRIPTION

A directory traversal vulnerability has been identified in LocalWeb 2000. By inserting "../" sequences into a request URL, an attacker can read files outside of the webroot directory, because the server does not reject paths that climb above the document root before opening them.

DEMONSTRATION

The following URL retrieves and displays the autoexec.bat file:

http://vulnerable.webserver.com:80/../../../autoexec.bat
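The defensive counterpart to the request above is a path mapper that refuses any request whose components would climb above the webroot, plus a check that can be run over access logs to find such requests after the fact. The following is an added example written for this advisory; it is not LocalWeb's code, and the webroot path, log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote
import posixpath

# Hypothetical document root used only for illustration.
WEBROOT = "/var/www/htdocs"


def resolve_under_root(webroot, url_path):
    """Map a request path onto the filesystem below webroot.

    Returns the resolved path, or None when the request would escape the
    root. Components are walked explicitly rather than normalised with
    os.path.normpath, because normpath silently discards leading ".."
    (so "/../../autoexec.bat" would collapse to "/autoexec.bat" instead
    of being rejected).
    """
    # Decode once so "%2e%2e/" is seen as "../". A doubly-encoded "%252e"
    # decodes to the literal text "%2e", which is then treated as an
    # ordinary filename component and cannot traverse.
    decoded = unquote(url_path)
    # Windows-hosted servers accept "\" as a separator; treat it as "/".
    parts = decoded.replace("\\", "/").split("/")
    stack = []
    for part in parts:
        if part in ("", "."):
            continue            # empty segment or "." changes nothing
        if part == "..":
            if not stack:
                return None     # would climb above the webroot: reject
            stack.pop()
            continue
        stack.append(part)
    return posixpath.join(webroot, *stack)


# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Jan/2001:10:00:00 +0000] "GET /index.html HTTP/1.0" 200',
    '10.0.0.9 - - [19/Jan/2001:10:00:01 +0000] "GET /../../../autoexec.bat HTTP/1.0" 200',
    '10.0.0.9 - - [19/Jan/2001:10:00:02 +0000] "GET /%2e%2e/%2e%2e/autoexec.bat HTTP/1.0" 200',
    '10.0.0.7 - - [19/Jan/2001:10:00:03 +0000] "GET /docs/../index.html HTTP/1.0" 200',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def flag_traversal_requests(log_lines, webroot=WEBROOT):
    """Return the log lines whose request path would have escaped webroot."""
    flagged = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and resolve_under_root(webroot, match.group(1)) is None:
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    for line in flag_traversal_requests(SAMPLE_LOG):
        print("traversal attempt:", line)
```

The same walker serves both purposes: a server uses it before opening a file, and an analyst uses it over logs to see which requests a vulnerable server would have served. Note that "/docs/../index.html" is legitimately resolved rather than flagged, since it never leaves the root.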

VENDOR RESPONSE

The vendor has been notified and has communicated its intent to fix this problem in a future version of LocalWeb. See the vendor's Web site for more information:

http://www.intranet-server.co.uk

CREDIT

Discovered by Strumpf Noir.