12th Feb 2002 [SBWID-5091]
COMMAND
Sybex E-Trainer directory traversal vulnerability
SYSTEMS AFFECTED
All current ?? (as of 12 February 2002)
PROBLEM
ZeroBreak posted :
The vulnerability that takes place is the infamous ".." directory
traversal. With a specially crafted request to the web server you can
view any file on the target's computer under the logged-in user's
permissions. The request is in the format of:
http://target/netget?sid=user&msg=300&file=/../../../filename.ext
The web server is only running when a user runs the e-trainer course.
When the user closes the browser the web server also shuts down.
However, if the user opens the e-trainer and uses the same browser
window to start browsing other websites, the web server will stay open.
This could cause the vulnerable server to be running for an even longer
period of time. It should also be noted that this web server has no
logging features and it is open to any connection requests, not just
from the local host.
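The traversal described above, as an added Python example that is not part of the original advisory and not Sybex's code: a hypothetical `netget`-style handler that concatenates the course directory with the user-supplied `file` parameter, shown beside a hardened version that resolves the path and rejects anything outside the course root. The directory layout, file names and the shorter `/../secret.txt` payload (one `..` is enough to escape the constructed tree) are constructed for the demonstration; the advisory gives no detail of the real server's internals.

```python
import os
import shutil
import tempfile
from urllib.parse import parse_qs, urlsplit


def file_param(url):
    """Pull the `file` query parameter out of a URL shaped like the advisory's request."""
    qs = parse_qs(urlsplit(url).query)
    return qs.get("file", [None])[0]


def serve_vulnerable(course_root, rel):
    """Naive handler (hypothetical): root + user path, no containment check.

    rel starts with "/", so "/../x" simply walks out of course_root.
    """
    path = course_root + rel
    with open(path, "rb") as fh:
        return fh.read()


def serve_hardened(course_root, rel):
    """Resolve the request, then verify the real path is still inside the course root."""
    root = os.path.realpath(course_root)
    candidate = os.path.realpath(os.path.join(root, rel.lstrip("/")))
    # commonpath collapses to root only when candidate is root or below it.
    if os.path.commonpath([root, candidate]) != root or not os.path.isfile(candidate):
        return None  # traversal (or missing file) rejected
    with open(candidate, "rb") as fh:
        return fh.read()


def demo():
    """Build a constructed sample tree, run both handlers, return what each served."""
    base = tempfile.mkdtemp(prefix="etrainer_")
    try:
        course = os.path.join(base, "course")
        os.mkdir(course)
        with open(os.path.join(course, "lesson1.htm"), "w") as fh:
            fh.write("<html>lesson</html>")
        # A file one level above the course root, standing in for "any file on the target".
        with open(os.path.join(base, "secret.txt"), "w") as fh:
            fh.write("outside the course")

        attack = "http://target/netget?sid=user&msg=300&file=/../secret.txt"
        legit = "http://target/netget?sid=user&msg=300&file=/lesson1.htm"
        return {
            "vulnerable_leaks": serve_vulnerable(course, file_param(attack)),
            "hardened_blocks": serve_hardened(course, file_param(attack)),
            "hardened_serves": serve_hardened(course, file_param(legit)),
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The check is done on `os.path.realpath` output rather than on the raw string, so encoded or doubled `..` segments and symlinks inside the course directory are resolved before the containment test; a string blacklist of `..` would miss both.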
SOLUTION
None yet.