Reported July 31, 2000 by Foundstone
VERSIONS AFFECTED
SimpleServer adequately protects against directory traversal when it is attempted via the typical dot dot slash (../) syntax. However, if the ASCII characters for the dots are replaced with their hexadecimal equivalent (%2E), directory traversal can succeed.
DEMONSTRATION
http://TestWebServer/%2E%2E/filename.ext
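The sketch below is an added example, not AnalogX's code. It shows the class of flaw the demonstration URL points to: a path check that runs before URL decoding, next to a resolver that decodes first, canonicalises, and then confirms containment. WEB_ROOT and both function names are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # assumed document root, for illustration only


def resolve_naive(url_path):
    """Flawed order: filter the raw path for '..', then decode it."""
    if ".." in url_path:          # the check sees '%2E%2E', not '..'
        return None
    decoded = unquote(url_path)   # '%2E%2E' only becomes '..' after the check
    return posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))


def resolve_hardened(url_path):
    """Decode once, canonicalise, then require the result to stay under WEB_ROOT."""
    decoded = unquote(url_path)
    # Reject NUL bytes and backslashes (a path separator on Windows hosts).
    if "\x00" in decoded or "\\" in decoded:
        return None
    full = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    # Containment test on the canonical path, not a substring filter on input.
    if full != WEB_ROOT and not full.startswith(WEB_ROOT + "/"):
        return None
    return full


if __name__ == "__main__":
    # Constructed sample request paths.
    for path in ("/docs/index.html", "/../filename.ext", "/%2E%2E/filename.ext"):
        print(f"{path:24} naive={resolve_naive(path)} hardened={resolve_hardened(path)}")
```

Because the hardened resolver decodes exactly once, a doubly encoded sequence such as %252E%252E is treated as a literal file name under the document root and is not decoded a second time into "..".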
VENDOR RESPONSE
AnalogX released an updated version 1.07 of the product, which corrects the vulnerability.
CREDIT
Discovered by Foundstone