[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Anaconda Foundation Directory NULL byte vulnerability

Title: Anaconda Foundation Directory NULL byte vulnerability
Released by: Synnergy
Date: 13th October 2000
Printable version: Click here
        Synnergy Laboratories Advisory SLA-2000-17


       Anaconda Foundation Directory NULL byte vulnerability


        Linux/UNIX with Anaconda Foundation Directory


 Synnergy Labs has found a flaw within Anaconda Foundation Directory that allows a user to

 successfully traverse the filesystem on a remote host, allowing arbitary files/folders to

 be read.


 The Anaconda Foundation Directory is a Yahoo style search engine based on the Open Directory

 project, www.dmoz.org. The Anaconda Foundation Directory allows you to dynamically integrate content into

 your site's own look and feel. This is the exact same content that Lycos features on their

 front page! Product pricing is $499 US.

 Anaconda Foundation Directory can be found at:http://anacondapartners.com/ap_afodpdemo.html

 Synnergy has recently discovered a flaw within Anaconda Foundation Directory that allows a remote

 user to traverse the filesystem as a request to the script using the $template=_some_file_. It is

 then possible to read any file contents with priviledges as the httpd.

 Although the script checks for the file extension (.htm, .html, .html, .stm) adding a trailing

 %00.html, (a NULL byte in URL encoded format), at the end of the request will force the script to

 open the file.



 The above line if given will output the file contents of /etc/resolv.conf.


  The vendors have been informed of the bug. It is advised to wait for the next patched version of

  Anaconda Foundation Directory to be released.


        Discovery: pestilence @ synnergy.net


        Synnergy Laboratories may not be held liable for the use or potential

        effects of these programs or advisories, nor the content contained

        within. Use them at your own risk.


        Synnergy Laboratories -  www.synnergy.net (c) 1998-2000

(C) 1999-2000 All rights reserved.