Bajie Web Server Exposes File System
The Bajie Web server can be made to expose critical path information as well as files located on the same drive as the Web root directory.
July 30, 2000
Bajie Web Server Exposes File System
Reported July 31, 2000 by Andrew Lewis
VERSIONS AFFECTED
Bajie Web Server v0.03aDESCRIPTION
A Java servlet that ships with the Bajie Web server can be made to revealcritical physical path information. The servlet is located in the/servlet/test/pathinfo/test directory tree. In addition, by sending the server a URL thatcontains four dots (http://bajie.server/...) the server can be made to access any file onthe system by specifying its relative path from the root directory.
VENDOR RESPONSE
The author was contacted and sentinformation about how to eliminate the problems. Check the Bajie Website for an updated version.
CREDIT
Discovered by Andrew Lewis
About the Author
You May Also Like