".."-hole in Alibaba 2.0.
ab85df42ea84cf87c53ad28ae97e61da057744109d4ecd488d109858fb7b295e<HTML>
<HEAD>
<TITLE>".."-hole in Alibaba 2.0</TITLE>
</HEAD>
<BODY BGCOLOR="BLACK" TEXT="#FFDFBF" LINK="#C08010" VLINK="#C08010" ALINK="WHITE">
<FONT FACE="arial" SIZE="3">
<B>- ".."-hole in Alibaba 2.0 -</B>
<BR><BR>
</FONT>
<FONT FACE="arial" SIZE="2">
There is a hole in the web server Alibaba 2.0. Here's an example:
<BR><BR>
If you install it so the web root is located in c:\alibaba\HtmlDocs\ and there is a file c:\winnt\file.txt you can send an URL:
<BR><BR>
http:\\www.server.se\..\..\winnt\file.txt
<BR><BR>
and get the "file.txt" file. This works all over the disk Alibaba is installed on. If directory browsing isn't allowed you have to know the pathname of the file you want. If directory browsing is allowed you can start at the disk root directory, but you have to enter the directories by hand when browsing, because the server will assume they are located in the web root, so if you just click around all you'll get is lots of 404's.
</FONT>
<BR>
<FONT FACE="arial" SIZE="2">
<BR><BR>
<HR WIDTH="50%" ALIGN="CENTER" SIZE="1">
<CENTER><A HREF="https://www.bahnhof.se/~winnt/">[Home]</A> <A HREF="https://www.bahnhof.se/~winnt/advisories/index.html">[Security Advisories]</A> <A HREF="https://www.bahnhof.se/~winnt/toolbox/index.html">[The Toolbox]</A> <A HREF="https://www.bahnhof.se/~winnt/trashcan/index.html">[The Trashcan]</A></CENTER>
<P ALIGN=RIGHT>
<FONT FACE="arial" SIZE="1">
© 1999, Arne Vidström
</FONT>
</P>
</FONT>
</BODY>
</HTML>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed