######################################################################

                             Luigi Auriemma

Application:  SWServer
              http://www.geocities.com/tlhome2000/swserver.html
Version:      2.2 and previous
Bug:          Directory traversal bug
Date:         28 Aug 2002
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org

######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

######################################################################

===============
1) Introduction
===============

SWServer is a small free webserver written entirely in Java. It can be
considered a tiny webserver for tests, or for use by single users who
don't want to lose their time on configuration files.

######################################################################

======
2) Bug
======

The bug is a directory traversal that lets an attacker use the remote
server like a new read-only drive, entirely readable with a browser.

The characters that can be used to exploit the vulnerability are
'\' (%5c) and '/' (%2f).

######################################################################

===========
3) The Code
===========

I suggest trying just these links and then following the directories
with the browser:

http://host/%2f%2e%2e%2f
http://host/%5c%2e%2e%5c
http://host/..\
http://host/../

######################################################################

======
4) Fix
======

SWServer 2.3 from its homepage:
http://www.geocities.com/tlhome2000/swserver.html

######################################################################
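As an added illustration of the request-path check that closes this class of bug (example code written for this note, not SWServer's own code; the document root and the function name are assumptions), the following Python maps an HTTP request path onto a file under the document root, decoding %2f/%5c/%2e, treating '\' exactly like '/', and refusing any '..' segment, so the four links from section 3 are all rejected:

```python
import posixpath
from urllib.parse import unquote

# Hypothetical document root used for the demonstration (not from the advisory).
DOCROOT = "/srv/www/htdocs"


def resolve_request_path(raw_path: str, docroot: str = DOCROOT):
    """Map the path part of an HTTP request line onto a file under docroot.

    Returns the absolute filesystem path, or None when the request must be
    rejected. Both '/' (%2f) and '\\' (%5c) count as separators, and any
    '..' segment is refused outright rather than normalized away.
    """
    # The query string is never part of the path that reaches the disk.
    path = raw_path.split("?", 1)[0]
    # Decode percent-encoding until it stops changing, so that %2e%2e%2f and
    # double-encoded forms such as %252e are both seen as their real characters.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None  # still changing after three rounds: refuse it
    # NUL bytes truncate paths in native file APIs; never pass them on.
    if "\x00" in path:
        return None
    # Treat backslash exactly like slash, as a server hosted on Windows does.
    path = path.replace("\\", "/")
    segments = [seg for seg in path.split("/") if seg not in ("", ".")]
    # A parent reference anywhere in the path is an escape attempt.
    if any(seg == ".." for seg in segments):
        return None
    base = docroot.rstrip("/")
    if not segments:
        return base
    candidate = posixpath.normpath(posixpath.join(base, *segments))
    # Belt and braces: the normalized result must still sit inside docroot.
    if not candidate.startswith(base + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # The four request paths from section 3, plus two legitimate ones.
    for p in ["/%2f%2e%2e%2f", "/%5c%2e%2e%5c", "/..\\", "/../",
              "/index.html", "/docs/./a.txt"]:
        print(repr(p), "->", resolve_request_path(p))
```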