Article delegate-en/1458 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A1457@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: delegate exploits
24 Dec 2001 05:19:53 GMT feedback@delegate.org (Yutaka Sato)


On 12/24/01(10:59) you Lim Chee Wooi <pwecqbdyi-7pkjwoe4erfr.ml@ml.delegate.org> wrote
in <_A1457@delegate-en.ML_>
 |I found one exploit on delegate server, please try
 |http://www.somedelegateserver.com:8080/-_-file:///etc/passwd or
 |http://www.somedelegateserver.com:8080/-_-file:///c:

Could you tell me the version and the configuration parameters
of the DeleGate you found?

By default, HTTP-DeleGate prohibits access to "file:*", usage
from clients on non-local networks to the DeleGate, and so on.
If someone configure DeleGate to allow exploit from remote networks
for "file:", it becomes exploitable as the person intended.

Cheers,
Yutaka
--
  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V