New Exploit in AOLserver
Posted to BugTraq by joetesta@hushmail.com
Overview
AOLserver v3.2 is a web server available from http://www.aolserver.com.
A vulnerability exists which allows a remote user user to break out of the
web root using relative paths (ie: '...').
Details...
AOLServer checks the requested virtual path for any double dots ('..'),
and returns a 'Not Found' error page if any are present. However, it
does not check for triple dots ('...'). Here is an example URL:
http://localhost:8000/.../[file outside web root]
Note that this vulnerability has only been tested on the latest stable
release (v3.2) for the Win32 platform.
Solution
No quick fix is possible.
Vendor Status
America Online, Inc. was contacted via http://www.aolserver.com/feedback/
on Tuesday, January 30, 2001. No reply was received.
- Joe Testa ( e-mail: joetesta@hushmail.com / AIM: LordSpankatron
)