[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Mldonkey-bugs] [bug #25667] Http double slash request arbitrary file ac
|
From: |
kyak |
|
Subject: |
[Mldonkey-bugs] [bug #25667] Http double slash request arbitrary file access vulnerability |
|
Date: |
Sun, 22 Feb 2009 08:55:41 +0000 |
|
User-agent: |
Opera/9.63 (Windows NT 5.1; U; en) Presto/2.1.1 |
URL:
<http://savannah.nongnu.org/bugs/?25667>
Summary: Http double slash request arbitrary file access
vulnerability
Project: mldonkey, a multi-networks file-sharing client
Submitted by: kyak
Submitted on: Вск 22 Фев 2009 08:55:40
Category: HTTP interface
Severity: 3 - Normal
Item Group: Program malfunction
Status: None
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: 2.9.7
Release: 2.9.7
Operating System: Linux
Binaries Origin: CVS / Self compiled
CPU type: Intel x86
_______________________________________________________
Details:
I can access http://myip:4080//etc/passwd from my browser.
Actually, i can access any file, readable by mldonkey, i just need to put a
double slash before the name.
It looks like a thttpd double slash request arbitrary file access
vulnerability CVE-1999-1456.
I am astonished that this has been staying undetected and unfixed for such a
long time.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?25667>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
- [Mldonkey-bugs] [bug #25667] Http double slash request arbitrary file access vulnerability,
kyak <=