logo
banner
Download the FREE 5-IP version of the GFI LANguard network vulnerability scanner!
line
HOME
TOOLBOX
ON MY MIND RIGHT NOW
MISC
ABOUT
line
forest

Dotdot vulnerability in Alibaba 2.0

There is a dotdot vulnerability in the web server Alibaba 2.0. Here is an example:

If you install the server so the web root is located in c:\alibaba\HtmlDocs\ and there is a file c:\winnt\file.txt you can send an URL:

http:\\www.server.se\..\..\winnt\file.txt

and get the "file.txt" file. This works all over the disk Alibaba is installed on. If directory browsing isn't allowed you have to know the pathname of the file you want. If directory browsing is allowed you can start at the disk root directory, but you have to enter the directories by hand when browsing, because the server will assume they are located in the web root, so if you just click around all you'll get is lots of 404's.



© Arne Vidstrom. All rights reserved.