NI3
11-08-2003, 09:58 AM
TITLE:
HTTP Commander Directory Traversal Vulnerability
SECUNIA ADVISORY ID:
SA10125
CRITICAL:
Less critical
IMPACT:
Exposure of system information, Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
HTTP Commander 4.x
DESCRIPTION:
A vulnerability has been reported in HTTP Commander, which can be
exploited by malicious users to gain knowledge of sensitive
information.
The vulnerability is caused due to missing validation of input
supplied to the "file" parameter of "OpenFile.aspx" and "Html.aspx".
This can be exploited to traverse out of the web root via the "../"
character sequence.
Example:
[victim]/OpenFile.aspx?file=../../../[existing_file]
The vulnerability has been reported in version 4.0.
SOLUTION:
Filter malicious character sequences in a HTTP proxy or firewall with
URL filtering capabilities.
The impact of directory traversal attacks can be lessened by placing
the web root on a separate drive letter.
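The following is an added example, not HTTP Commander code or anything taken from the advisory: in Python (the product itself is ASP.NET), it shows the canonicalise-then-compare check a file-serving handler needs so that a "file" value such as ../../../[existing_file] cannot leave the web root, next to the simpler "../" pattern pre-check the SOLUTION section suggests for a proxy or firewall. The web root path and the request values are constructed; note that the pattern check also flags harmless paths like docs/../index.html, which canonicalisation accepts.

```python
from pathlib import Path, PurePosixPath
from typing import Optional

# Constructed example web root; the real deployment path is not in the advisory.
WEB_ROOT = "/srv/webroot"


def looks_like_traversal(file_param: str) -> bool:
    """Pattern pre-check of the kind the SOLUTION section suggests for a proxy
    or firewall: flag any path segment that is exactly '..'.  Backslashes are
    folded to '/' because the product runs on IIS, where both separators work.
    This is a cheap first line of defence, not a substitute for resolve_within_root."""
    segments = PurePosixPath(file_param.replace("\\", "/")).parts
    return ".." in segments


def resolve_within_root(web_root: str, file_param: str) -> Optional[str]:
    """Canonicalise the requested file against the web root and accept it only
    if the resolved path lies strictly inside that root.  Returns the absolute
    path to serve, or None when the request must be refused."""
    root = Path(web_root).resolve()
    # A leading '/' must not turn the request into an absolute path;
    # everything is interpreted relative to the web root.
    relative = file_param.replace("\\", "/").lstrip("/")
    candidate = (root / relative).resolve()
    # 'root in candidate.parents' holds only for paths strictly below root,
    # so '../../../[existing_file]' (which resolves above root) and the bare
    # root directory itself are both rejected.
    if root not in candidate.parents:
        return None
    return str(candidate)


if __name__ == "__main__":
    # Constructed sample values for the 'file' parameter, including the
    # shape shown in the advisory's example.
    for value in ["docs/readme.txt", "docs/../index.html",
                  "../../../existing_file", "..\\..\\existing_file", ""]:
        verdict = resolve_within_root(WEB_ROOT, value)
        print(f"file={value!r:28} pre-check={looks_like_traversal(value)!s:5} "
              f"serve={'REFUSED' if verdict is None else verdict}")
```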
REPORTED BY / CREDITS:
Zero_X
----------------------------------------------------------------------
