Article delegate-en/1459 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A1458@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: delegate exploits
24 Dec 2001 05:46:35 GMT Lim Chee Wooi <pwecqbdyi-iievoc4aqlzr.ml@ml.delegate.org>


I fixed it already. Thanks


Yutaka Sato wrote:

>On 12/24/01(10:59) you Lim Chee Wooi <pwecqbdyi-iievoc4aqlzr.ml@ml.delegate.org> wrote
>in <_A1457@delegate-en.ML_>
> |I found one exploit on delegate server, please try
> |http://www.somedelegateserver.com:8080/-_-file:///etc/passwd or
> |http://www.somedelegateserver.com:8080/-_-file:///c:
>
>Could you tell me the version and the configuration parameters
>of the DeleGate you found?
>
>By default, HTTP-DeleGate prohibits access to "file:*", usage
>from clients on non-local networks to the DeleGate, and so on.
>If someone configure DeleGate to allow exploit from remote networks
>for "file:", it becomes exploitable as the person intended.
>
>Cheers,
>Yutaka
>--
>  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
> ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
>_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
>



  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V