[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : 24Link 1.06 Web Server Vulnerability

Title: 24Link 1.06 Web Server Vulnerability
Released by: Phriction
Date: 28th November 2000
Printable version: Click here
24Link 1.06 Web Server



A vulnerability was found in 24Link 1.06 Web Server for Windows

95/98/2000/NT machines. The vulnerability allows you to view any password

protected files on the Web Server,  provided that the Authorization -

Check User Name and Password- On all Requests option wasn't chosen, which

asks for user name/password for every request sent to the server. If

specific files are password protected, for example by default the

access.txt log file is, I can bypass the password prompt by putting one of

these before the filename in the request to the server,






or any of these and the ending slash being two or more /'s up to around

200.. for example http://24link.net/++//////protected.html

for example 24Link has a default file password protected, the log file so

on a 24Link Server  I would send a request "GET /+/access.txt

HTTP/1.0\r\n" or type in my favorite browser

http://24linkserver.com/+/access.txt it will return the access.txt. And works on any other

specifically password protected file or directory, also by default 24Link

1.06 allows directory listing which can lead to many a security



I contacted the vendor over a week ago and still nothing back, I would

suggest if you need, absolutely need to use this web server do not store

private or sensitive information in the Sever Root directory tree. If you

have to have sensitive information make sure you uncheck allow directory

listings under the options menu and choose the Authorization - Check User

Name and Password- On all Requests option or in 2000/NT setting up rights

so those files are not world-readable (NOTE: I do not have an NT box to

install this server on and test it, this is just a suggestion, should be

tested first to make sure it works correctly).


Legions of the Underground



(C) 1999-2000 All rights reserved.