Type: File Disclosure
Release Date: January 6, 2002

Product / Vendor
AOLserver is America Online's open-source web server. AOLserver is the backbone of the largest and busiest production environments in the world. It is a multithreaded, Tcl-enabled web server used for large-scale, dynamic web sites.

Summary
Directories on AOLserver that should be reachable only with a password can be reached easily without authorization. AOLserver does not sufficiently enforce access control on requests. If a remote user knows the direct path to a password-protected file hosted on the AOLserver, the user may access the file directly via the full path, circumventing authentication. This makes it possible for remote users to gain arbitrary access to sensitive files.

To trigger this vulnerability, all that is required is to add a single "." (dot) character to the end of the file name. In this way, files (binary, HTML or text) can be downloaded from the server without any authorization. Tcl scripts on AOLserver have support for ADP (AOLserver Dynamic Pages), which can be used on the web; with this vulnerability the source of files created using ADP can also be downloaded.

http://host/passwordprotected.file.

Example
http://host/nstelemetry.adp.

Tested: Windows 2000 / AOLserver 3.4.2
Vulnerable: AOLserver 3.4.2 for Windows

Disclaimer
http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author: Tamer Sahin
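As an added example (not from the original advisory and not AOLserver code), the following Python shows why a literal string comparison against a list of protected paths misses a request such as /nstelemetry.adp., how canonicalizing the request path before the authorization check closes that gap, and a small scan over constructed access-log lines that flags successful requests whose path segments end in a dot. The ACL entries, log lines and function names are assumptions made for the example. The canonicalization mirrors the Windows file-system behaviour that underlies this class of bypass: trailing dots and spaces are silently dropped from a file name when it is opened, so the dotted and undotted paths name the same file.

```python
import re
from urllib.parse import unquote

# Constructed ACL for the example: request paths that require authentication.
# These are assumptions for this example, not AOLserver's own configuration.
PROTECTED = ("/private", "/nstelemetry.adp")


def _matches_acl(path):
    """Case-insensitive match against the ACL (Windows paths are case-insensitive)."""
    p = path.lower()
    return any(p == rule or p.startswith(rule + "/") for rule in PROTECTED)


def canonicalize(raw_path):
    """Reduce a request path to the name the file system will actually open.

    Percent-decodes, resolves '.' and '..' segments, and strips trailing dots
    and spaces from every remaining segment (what Windows does when opening a
    file), so that '/nstelemetry.adp.' and '/nstelemetry.adp' compare equal.
    """
    segments = []
    for seg in unquote(raw_path).split("/"):
        if seg == "..":
            if segments:
                segments.pop()
            continue
        if seg in ("", "."):
            continue
        seg = seg.rstrip(". ")
        if seg:
            segments.append(seg)
    return "/" + "/".join(segments)


def naive_is_protected(raw_path):
    """Vulnerable form: checks the request path exactly as the client sent it."""
    return _matches_acl(raw_path)


def is_protected(raw_path):
    """Hardened form: authorize on the canonical path, not on the raw request."""
    return _matches_acl(canonicalize(raw_path))


# Constructed access-log lines (Common Log Format) for the detection pass.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Jan/2002:10:00:00 +0000] "GET /nstelemetry.adp HTTP/1.0" 401 0',
    '203.0.113.7 - - [06/Jan/2002:10:00:05 +0000] "GET /nstelemetry.adp. HTTP/1.0" 200 1532',
    '198.51.100.2 - - [06/Jan/2002:10:01:00 +0000] "GET /index.html HTTP/1.0" 200 812',
    '198.51.100.2 - - [06/Jan/2002:10:01:10 +0000] "GET /private/report.txt%2e HTTP/1.0" 200 4096',
]

_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')


def find_trailing_dot_requests(log_lines):
    """Flag successful (200) requests whose path has a segment ending in '.' or ' '.

    Such a request names the same file as the stripped path, so a 200 on a
    path that is protected once canonicalized points at a bypass of the ACL.
    """
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        raw = target.split("?", 1)[0]          # drop any query string
        path = unquote(raw)                    # decoded path for reporting
        suspicious = any(
            seg != seg.rstrip(". ")
            for seg in path.split("/")
            if seg not in ("", ".", "..")
        )
        if suspicious and status == "200":
            hits.append({
                "client": client,
                "method": method,
                "path": path,
                "canonical": canonicalize(raw),
                "protected": is_protected(raw),
            })
    return hits


if __name__ == "__main__":
    for hit in find_trailing_dot_requests(SAMPLE_LOG):
        print(hit)
```

The mitigation is the ordering: the authorization decision must be taken on the same canonical name the file system will open, never on the raw request string. The detection pass is what a defender can run over existing access logs to find whether the dotted form of a protected path was ever served with a 200.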