Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14336
HistorySep 19, 2006 - 12:00 a.m.

Busy box httpd file traversal vulenrability

2006-09-1900:00:00
vulners.com
16

a file traversal attack is possible in busybox's http daemon when you send a url encoded slash like this http://attacked-host//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd I have tested with busy box 1.01 and I dont know if other versions are vulenrable