Donato Ferrante

Application: BremsServer
             http://www.herberlin.de/
Version:     1.2.4
Bugs:        directory traversal and cross site scripting
Author:      Donato Ferrante
e-mail:      fdonato@autistici.org
web:         www.autistici.org/fdonato

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bugs
3. The code
4. The fix

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"Herberlin BremsServer is a small HTTP server you can use to test your
web pages on your local machine."

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
2. The bugs:
-------------

[1] Directory traversal bug: the program doesn't properly check the
    user-supplied path string ( /../ ), so an attacker is able to see
    and download any file on the remote system simply by using his
    browser.

[2] Cross site scripting bug: the program doesn't fully check the
    strings sent by the client; the input strings are not filtered and
    they appear unescaped in the returned page.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerabilities:

[1] http://[host]/../PATH/windows/system.ini

[2] http://[host]/

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Bugs will be fixed in the next version of BremsServer. So go to
BremsServer's official web site:

http://www.herberlin.de/

and check for a new version.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
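Added example, not part of the advisory and not BremsServer's code: the two server-side checks whose absence causes bugs [1] and [2], written as a stand-alone Python snippet. DOC_ROOT, resolve_request_path and render_not_found are assumed names for this example; the request-target samples are constructed.

```python
import html
import os
from urllib.parse import unquote, urlsplit

# Constructed document root for the example; a real server uses its configured web root.
DOC_ROOT = os.path.abspath(os.path.join(os.getcwd(), "www_root_example"))


def resolve_request_path(request_target, doc_root=DOC_ROOT):
    """Map an HTTP request-target to a file path under doc_root.

    Returns the absolute path, or None when the request tries to climb
    above the document root (the '/../' case of bug [1]), including
    percent-encoded and backslash variants, or carries a NUL byte.
    """
    path = unquote(urlsplit(request_target).path)  # decode %2e%2e etc. first
    if "\x00" in path:
        return None
    parts = []
    for seg in path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                return None  # '..' with nothing left to pop escapes the root
            parts.pop()
        else:
            parts.append(seg)
    candidate = os.path.abspath(os.path.join(doc_root, *parts))
    # Final containment check: the resolved path must still lie inside doc_root.
    if candidate != doc_root and not candidate.startswith(doc_root + os.sep):
        return None
    return candidate


def render_not_found(request_target):
    """Error page that echoes the request-target (the situation behind bug [2]).

    html.escape turns '<', '>', '&' and quotes into entities, so markup
    supplied by the client is displayed as text instead of being rendered.
    """
    return "<html><body>404: %s not found</body></html>" % html.escape(
        request_target, quote=True
    )


if __name__ == "__main__":
    print(resolve_request_path("/../PATH/windows/system.ini"))   # None
    print(resolve_request_path("/docs/../index.html"))           # under DOC_ROOT
    print(render_not_found("/<b>hello</b>"))
```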