[Warning] Trend Micro (TRENDMICRO) Interscan remote directory traversal vulnerability

TAIWAN
2004-03-26, 11:41 PM
Trend Micro (TRENDMICRO) Interscan remote directory traversal vulnerability

Interscan Web Viruswall, a part of the Interscan Viruswall package, is a web proxy/gateway service that is responsible for scanning for viruses "on the fly" before they reach the user's browser. In Interscan Web Viruswall there is a built-in mechanism that allows anybody to read files in the /ishttp/localweb directory by using a URL such as http://victimIP:8080/ishttpd/localweb/filename. Other URLs, pointing to different directories (other than subdirectories of "localweb"), won't trigger the mechanism and will be forwarded to the proxy the service is configured to use. The reason there is such a "feature" is that Interscan Web Viruswall has another feature (not turned on by default) called TeleWindow, which uses an applet (/ishttpd/localweb/java/telewind.zip) to let the user see the scanning process. Unfortunately, that built-in mini webserver has a directory traversal problem. By using a URL like the one below, an evil genius ;-) can access files outside the localweb directory:

http://victimIP:8080/ishttpd/localweb/java/?/../../../ishttpd.exe

will download the service executable file; or try

http://24.128.159.50:8080/ishttpd/localweb/java/?/../../../../../../../../autoexec.bat

will download the autoexec.bat file in the root directory.

root :eek: :eek: :D :D
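A worked model of the flaw described above, added here as an example and not part of the original post or of Trend Micro's code: a naive path mapping that reproduces where the post's two request targets land on disk, next to a hardened resolver that canonicalises the path and confines it to localweb. The directory layout (SERVICE_DIR, LOCALWEB_ROOT), the treatment of everything after /ishttpd/localweb/ as a relative file path (including the "?" segment, as the post's URLs imply), and the function names are assumptions made for this example.

```python
import posixpath
from urllib.parse import unquote

# Constructed directory layout for the example (an assumption, not Trend
# Micro's real install path): the service directory holds ishttpd.exe and
# the localweb/ tree that the mini webserver is meant to expose.
SERVICE_DIR = "/C/TrendMicro/ishttpd"
LOCALWEB_ROOT = SERVICE_DIR + "/localweb"
URL_PREFIX = "/ishttpd/localweb/"


def naive_resolve(target: str):
    """Vulnerable mapping, modelled on the behaviour the post describes.

    Anything under /ishttpd/localweb/ is served from disk; everything else
    is handed to the upstream proxy (returned here as None). The remainder
    of the request target is glued onto LOCALWEB_ROOT with no check, so the
    filesystem resolves each '..' one level upward. posixpath.normpath is
    used only to show which file the OS would open.
    """
    if not target.startswith(URL_PREFIX):
        return None
    rel = unquote(target[len(URL_PREFIX):])
    return posixpath.normpath(LOCALWEB_ROOT + "/" + rel)


def safe_resolve(target: str):
    """Hardened mapping: decode, canonicalise, then confine.

    Raises PermissionError when the canonical path lands outside
    LOCALWEB_ROOT. Backslashes and NUL are rejected outright: Windows
    treats '\\' as a separator and NUL truncates C strings, so either
    would defeat a check done on the raw string.
    """
    if not target.startswith(URL_PREFIX):
        return None
    rel = unquote(target[len(URL_PREFIX):])  # decode BEFORE normalising
    if "\\" in rel or "\x00" in rel:
        raise PermissionError("unsafe characters in request path")
    resolved = posixpath.normpath(LOCALWEB_ROOT + "/" + rel)
    # The trailing '/' matters: a bare prefix test would accept a sibling
    # directory such as .../localweb2/ as "inside" localweb.
    if resolved != LOCALWEB_ROOT and not resolved.startswith(LOCALWEB_ROOT + "/"):
        raise PermissionError(f"{target!r} escapes {LOCALWEB_ROOT}")
    return resolved


def is_confined(target: str) -> bool:
    """True if safe_resolve serves or forwards the target, False if it
    refuses it as a traversal attempt."""
    try:
        safe_resolve(target)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # The two request targets from the post plus two encoded variants
    # constructed for this example.
    for t in [
        "/ishttpd/localweb/java/telewind.zip",
        "/ishttpd/localweb/java/?/../../../ishttpd.exe",
        "/ishttpd/localweb/java/?/../../../../../../../../autoexec.bat",
        "/ishttpd/localweb/%2e%2e/%2e%2e/ishttpd.exe",
        "/ishttpd/localweb/..%5cishttpd.exe",
    ]:
        print(t)
        print("  naive ->", naive_resolve(t))
        try:
            print("  safe  ->", safe_resolve(t))
        except PermissionError as e:
            print("  safe  -> refused:", e)
```

The hardened resolver still allows `..` that stays inside localweb (`java/../index.html`), which is the correct line to draw: the defect is not the presence of `..` in a request but serving a canonical path that is no longer beneath the intended root.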

dou0228
2004-03-26, 11:59 PM
Nice one...
This game of playing with "../../xxxx/.../...." has already killed off plenty of software before..
Who'd have thought the ishttp inside Interscan also has this "good thing"... :D