Lil' HTTP Server Discloses Files Located Outside of the Web Document Directory to Remote Users and Allows Remote Users to Conduct Cross-site Scripting Attacks Against Administrators
SecurityTracker Alert ID: 1004123
SecurityTracker URL: http://securitytracker.com/id/1004123
Date: Apr 22 2002
Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network
Exploit Included: Yes
Version(s): 2.2 and prior
Two vulnerabilities were reported in the Lil' HTTP Server. A remote user can traverse the directory to view files located outside of the web document directory. A remote user can also conduct cross-site scripting attacks against administrators.
SecuriTeam reported that a remote user can send a URL with '../' directory traversal characters to navigate the directory structure and view files on the server that are located outside of the web server document directory.
A demonstration exploit URL that will display the 'win.ini' file is provided:
A demonstration exploit request is provided:
GET / HTTP/1.0
SecuriTeam reports that this information has been provided by <mailto:firstname.lastname@example.org> Matthew Murphy.
No solution was available at the time of this entry.
Vendor URL: www.summitcn.com/lilhttp/lildocs.html
Input validation error
Underlying OS: Windows (Any)
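The directory-traversal issue described above comes down to the server opening whatever path the request names without first confining it to the document root. The following is an added example, not Lil' HTTP Server's code: a decode-normalise-confine check a file-serving handler can apply before touching the filesystem, plus a helper for reviewing access logs. The document root `C:/www` and the log lines are constructed for illustration.

```python
"""Document-root confinement for a file-serving HTTP handler.

Added example (not Lil' HTTP Server's code). Request targets are
percent-decoded once, backslashes are treated as separators as a Windows
server would, and any '..' left after normalisation is refused.
"""
import posixpath
from urllib.parse import unquote

class PathTraversal(ValueError):
    """Request path would resolve outside the document root."""

def resolve_request_path(doc_root: str, request_target: str) -> str:
    """Map an HTTP request-target to a file path under doc_root.

    The path is normalised as a *relative* path on purpose:
    posixpath.normpath keeps leading '..' segments on relative input
    (it silently drops them on absolute input), so a surviving '..'
    reliably signals a climb above the root. Returns e.g.
    'C:/www/index.html'; raises PathTraversal otherwise.
    """
    path = unquote(request_target.split("?", 1)[0])   # decode %2e%2e -> ..
    if "\x00" in path:                                # NUL would truncate the OS path
        raise PathTraversal(f"NUL byte in request: {request_target!r}")
    rel = posixpath.normpath(path.replace("\\", "/").lstrip("/"))
    if rel == ".." or rel.startswith("../"):
        raise PathTraversal(f"request escapes document root: {request_target!r}")
    root = doc_root.replace("\\", "/").rstrip("/")
    return root if rel == "." else f"{root}/{rel}"

def is_traversal_attempt(request_target: str) -> bool:
    """True when the confinement check would reject the request."""
    try:
        resolve_request_path("C:/www", request_target)   # constructed root
    except PathTraversal:
        return True
    return False

def flag_log_lines(log_lines):
    """Return request-targets from access-log lines that the check rejects.

    Lines are expected in the common form '<ip> ... "<METHOD> <target> HTTP/1.x" ...'.
    """
    flagged = []
    for line in log_lines:
        if '"' not in line:
            continue
        parts = line.split('"', 2)[1].split()        # METHOD target version
        if len(parts) >= 2 and is_traversal_attempt(parts[1]):
            flagged.append(parts[1])
    return flagged
```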
Source Message Contents
Subject: [NT] Lil' HTTP Server Directory Traversal Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Lil' HTTP Server Directory Traversal Vulnerability
<http://www.summitcn.com/lilhttp/lildocs.html> Lil' HTTP Server is a
lightweight web server. The server has been found to contain a
vulnerability that would allow attackers to climb up the directory
structure and obtain access to files that reside outside the normally
bounding HTML root directory.
Lil' HTTP Server version 2.2 and prior
Accessing the following URL:
Will return the win.ini file located under the Windows directory.
The information has been provided by <mailto:email@example.com>
This bulletin is sent to members of the SecuriTeam mailing list.