A vulnerability in the Easy Chat server allows access to files located outside of the "webroot" due to the possibility of trivial escaping the webroot by typing ../.
1ba6514dc76dc30874d70b47c661fca981be3bd1447ee0f283bc252d5d1fca3d+++ Easy chat server 1.2 Directory traversal +++
Release Date:
June 30 , 2004
Severity:
MEdium
Systems Affected:
Microsoft Windows NT 4.0 (all versions)
Microsoft Windows 2000 (SP3 and earlier)
Microsoft Windows XP (all versions)
windows 9x
Description:
Easy Chat Server is a easy, fast and affordable way to host and manage your own real-time communication
software, it allows friends/colleagues to chat with you through a Web Browser (IE, Netscape, Opera etc.)
on any computer (Windows, Linux, Solaris...) without any special plug-ins or software. It can help you
setup your community chat rooms, collaborative work sessions or online meetings.
A simple Directory traversal problem has been identified in Easy chat server 1.2 that may allow a remote user
to read files outside the WWW directory.
Example: /../../boot.ini
Workaround:
Use another product.
Pr00f of concept code:
sorry, nothing at the moment but some pr00f of concept exploit may emerge soon.
Credit:
Dr_insane
Http://members.lycos.co.uk/r34ct/
Feedback
Please send your comments to: dr_insane@pathfinder.gr
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed