Vulnerability I

Back

Problem

By sending a request with a filename containing references to parent directories, like /../../../../../autoexec.bat, access to any file on the drive from which WWW Server runs can be gained. With a filename like c:\autoexec.bat other drives can possibly accessed as well, though this has not been tested.

Versions

Vulnerable are Compieuw beta 2 and some early versions. Fixed in Compieuw.

Description of the fix

The URL is first converted to a Windows pathname (which lead to Vulnerability II) and then fed through ExpandFileName. Then, it is converted back to a UNIX filename.