<<< Date Index >>>     <<< Thread Index >>>

Directory traversal and XSS in BremsServer 1.2.4



                           Donato Ferrante


Application:  BremsServer 
              http://www.herberlin.de/

Version:      1.2.4

Bugs:         directory traversal and cross site scripting

Author:       Donato Ferrante
              e-mail: fdonato@xxxxxxxxxxxxx
              web:    www.autistici.org/fdonato


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bugs
3. The code
4. The fix


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"Herberlin BremsServer is a small HTTP server you can use to test your 
web pages on your local machine."


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
2. The bugs:
-------------

[1] directory traversal bug, the program does't make a good check on
    the user input string ( /../ ) so an attacker is able to see and
    download all the files on the remote system simply using his
    browser.

[2] cross site scripting bug, the program doesn't make a full check
    on the strings sent by the client, in fact the input strings are
    not filtered and they will appear in the returned page.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerabilities:


[1]

http://[host]/../PATH/windows/system.ini


[2]

http://[host]/<script>alert("Test")</script>



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Bugs will be fixed in the next version of BremsServer. So go on the
BremsServer's official web site: http://www.herberlin.de/
and check for a new version.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx