BPM Studio Pro 4.2 - HTTPd Directory Traversal

EDB-ID: 21311

Author: UNTER

Type: remote

Platform: Windows

Date: 2002-02-27


source: https://www.securityfocus.com/bid/4198/info

BPM Studio Pro is a shareware MP3 mixer and player. It runs on Microsoft Windows operating systems. BPM Studio Pro includes an HTTP server for managing the player via a web interface.

The BPM Studio Pro HTTPD does not adequately filter dot-dot-slash (../) sequences from web requests. As a result, it is possible for a remote attacker to break out of wwwroot and browse the filesystem of the host. This may lead to disclosure of sensitive information as the remote attacker may display arbitrary web-readable files.

This is compounded by the fact that webservers on Microsoft Windows systems are normally run with SYSTEM privileges.

This issue reportedly affects BPM Studio Pro 4.2. Earlier versions may also be affected. It should also be noted that the HTTPD implementation is not enabled by default.


http://BPM-HOST/../../../../autoexec.bat
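The fix for this class of bug is to map the request path onto the document root segment by segment and refuse any request that would climb above it, rather than concatenating the raw path onto wwwroot. The following is an added illustration, not code from BPM Studio Pro; the document-root path is a hypothetical placeholder, and the naive version is included only to show the behaviour the advisory describes.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Hypothetical document root; the advisory only calls it "wwwroot".
WWWROOT = "C:/Program Files/BPM Studio Pro/wwwroot"


def naive_resolve(request_path: str, docroot: str = WWWROOT) -> str:
    """The vulnerable pattern: raw request path glued onto the docroot.
    '../' segments survive, so the OS resolves them above wwwroot."""
    return docroot + request_path


def safe_resolve(request_path: str, docroot: str = WWWROOT) -> Optional[str]:
    """Return the file path under docroot for a request, or None if the
    request would escape docroot (the dot-dot-slash case)."""
    # Decode twice so %2e%2e%2f and double-encoded %252e are seen as '..'.
    decoded = unquote(unquote(request_path))
    # Windows treats backslash as a separator; normalise before checking.
    decoded = decoded.replace("\\", "/")
    # A NUL byte can truncate the path in C string handling; reject it.
    if "\x00" in decoded:
        return None
    stack = []
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue          # empty or current-directory segment: no effect
        if segment == "..":
            if not stack:
                return None   # would climb above wwwroot: reject, don't clamp
            stack.pop()
            continue
        stack.append(segment)
    return posixpath.join(docroot, *stack) if stack else docroot
```

Rejecting rather than silently clamping `..` at the root also gives the server a clear event to log, which is what a defender wants to alert on.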