« Joomla Remote Admin Change Password Vulnerability
Dopo la decisione del blocco, TPB registra un incremento del traffico dall’Italia »
13 08 2008

Apache Tomcat 6.0.18 UTF8 Directory Traversal Vulnerability

Posted by: Andrea L. in exploit, sicurezza, vulnerabilità

Description As Apache Security Team, this problem occurs because of JAVA side. If your context.xml or server.xml allows ‘allowLinking’and ‘URIencoding’ as ‘UTF-8′, an attacker can obtain your important system files.(e.g. /etc/passwd)

Exploit If your webroot directory has three depth(e.g /usr/local/wwwroot), An attacker can access arbitrary files as below. (Proof-of-concept) http://www.target.com/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/foo/bar

Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability.

Anche se questo mi sembra un tantinello più pericoloso IMHO!

Post correlati

  • Nessun post correlato

This entry was posted on Wednesday, August 13th, 2008 at 6:10 pm and is filed under exploit, sicurezza, vulnerabilità. You can follow any responses to this entry through the RSS 2.0 feed. You can This entry was posted ona response, or trackback from your own site.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>