<<< Date Index >>>     <<< Thread Index >>>

Busy box httpd file traversal vulenrability



a file traversal attack is possible in busybox's http daemon when you send a 
url encoded slash like this 
http://attacked-host//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd I have 
tested with busy box 1.01 and I dont know if other versions are vulenrable