Date: Wed, 9 Sep 1998 16:19:28 -0700
From: Jon Beaton <[email protected]>
To: [email protected]Subject: bug in iChat 3.0 (maybe others)
Hi,
The iChat (http://www.ichat.com/) ROOMS server runs as 'nobody', and on
port 4080 as default. From what I've noticed, it just uses http, and has
a bug which lets following /../../../ be ran on the URL using any web
browser. For example, something like:
http://chat.server.com:4080/../../../etc/passwd
will display the passwd file. With this you can view any file on the
system that 'nobody' has access to. I was only able to test this on
version 3.0 of the software, and running on Solaris. I contacted the
company about this, all they said was that if you're using 3.0, you
should upgrade to 3.03 as soon as possible. I don't even know if this
particular bug is fixed in that version. If you can try this on other
versions and OS's, I'd like to hear about the results.
Thanks,
Jon Beaton
[email protected]
jbx @ Undernet
