Product:
Eserv/2.50 is the complete solution to access the Internet from a LAN:
- Mail Server (SMTP and POP3, with ability to share one mailbox on the ISP, aliases and mail routing support)
- News Server (NNTP)
- Web Server (with CGI, virtual hosts, virtual directory support, web-interface for all servers in the package)
- FTP Server (with virtual directory support)
- Proxy Servers
  * FTP proxy and HTTP caching proxy
  * FTP gate
  * HTTPS proxy
  * Socks5, Socks4 and 4a proxy
  * TCP and UDP port mapping
  * DNS proxy
- Finger Server
- Built-in scheduler and dialer (dial on demand, dialer server for external agents, scheduler for any tasks)
PROBLEM
UssrLabs found an Eserv Web Server directory traversal vulnerability.
Using the string '../' in a URL, an attacker can gain read access
to any file outside of the intended web-published filesystem directory.
There is not much to expand on this one....
Example:
http://127.1:3128/../../../conf/Eserv.ini
shows the whole configuration file, including account names.
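The traversal above, as an added example that is not from the advisory or from Eserv: a web-root containment check of the kind that rejects such requests, plus a scan of constructed log lines for requests that would fail it. The web root /srv/www and the log lines are assumptions made for this example.

```python
"""Added example (not Eserv's code): reject request paths that escape the web root."""
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # assumed document root, constructed for this example

# Constructed log lines in a common access-log layout (not real Eserv output)
LOG_LINES = [
    '10.0.0.5 - - [01/Jan/2000:12:00:00] "GET /index.html HTTP/1.0" 200',
    '10.0.0.9 - - [01/Jan/2000:12:00:01] "GET /../../../conf/Eserv.ini HTTP/1.0" 200',
    '10.0.0.9 - - [01/Jan/2000:12:00:02] "GET /%2e%2e/%2e%2e/conf/Eserv.ini HTTP/1.0" 200',
]


def resolve_under_root(web_root: str, raw_url_path: str) -> Optional[str]:
    """Map a request path onto the filesystem, or return None if it escapes.

    Steps: percent-decode twice (so %2e%2e and %252e%252e both become ..),
    treat backslashes as separators (Windows servers accept both), collapse
    ./ and ../ with posixpath.normpath, then refuse anything that still
    climbs above the root, and finally re-check containment of the result.
    """
    decoded = unquote(unquote(raw_url_path)).replace("\\", "/")
    rel = posixpath.normpath(decoded.lstrip("/"))
    if rel == ".." or rel.startswith("../") or posixpath.isabs(rel):
        return None  # normalised path starts above the web root
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, rel))
    # Defence in depth: the candidate must be root itself or live beneath it
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def flag_traversal_requests(lines: List[str]) -> List[str]:
    """Return the log lines whose request path would be rejected above."""
    flagged = []
    for line in lines:
        match = re.search(r'"(?:GET|POST|HEAD) (\S+) ', line)
        if match and resolve_under_root(WEB_ROOT, match.group(1)) is None:
            flagged.append(line)
    return flagged
```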
Vendor Status:
Not contacted.
Vendor Url: http://www.eserv.ru/
Program Url: http://www.eserv.ru/eserv/
Credit: USSRLABS
SOLUTION
Nothing yet.
underground security systems research