Westpoint Security Advisory

Title:		GoAhead Web Server Directory Traversal + Cross Site Scripting		
Risk Rating: 	Medium
Software: 	GoAhead Web Server v2.1	
Platforms: 	Windows NT/98/95/CE				
		Embedded Linux
		Novell Netware + others

Vendor URL: 	www.goahead.com/webserver/webserver.htm
Author:		Matt Moore <matt@westpoint.ltd.uk>
Date:		10th July 2002
Advisory ID#:	wp-02-0001 

GoAhead is an open source 'embedded' web server, apparently used in various
networking devices from several blue chip companies.



Cross Site Scripting via 404 messages.

GoAhead quotes back the requested URL when responding with a 404. Hence it
is possible to perform cross-site scripting attacks, e.g:


Read arbitrary files from the server running GoAhead (Directory Traversal)

GoAhead is vulnerable to a directory traversal bug. A request such as 


returns the contents of the win.ini file.

Note that the backslashes do not necessarily have to be URLEncoded.
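
Because both raw and URL-encoded backslashes work, a filter that checks only one form or only forward slashes misses the other. The following C check is an added example, not GoAhead's code and not part of the original advisory: it decodes once, folds backslashes into slashes and refuses dot-only segments. The name `url_path_is_safe`, the 1024-byte limit and the sample paths are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical helper, not GoAhead code: value of a hex digit, or -1. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Returns 1 if the request path may be mapped under the document root,
 * 0 if it must be refused. Decodes %XX once, treats '\' like '/', and
 * refuses ".." and longer dot-only segments instead of resolving them. */
int url_path_is_safe(const char *url) {
    char buf[1024];
    size_t n = 0;
    for (const char *p = url; *p; p++) {
        int c = (unsigned char)*p;
        if (c == '%') {
            int hi = hexval((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
            if (lo < 0) return 0;              /* malformed escape */
            c = hi * 16 + lo;
            p += 2;
            if (c == '%') return 0;            /* refuse double encoding */
        }
        if (c == 0 || c == ':') return 0;      /* NUL byte, drive or stream specifier */
        if (c == '\\') c = '/';                /* raw or decoded backslash */
        if (n + 1 >= sizeof buf) return 0;     /* over-long path */
        buf[n++] = (char)c;
    }
    buf[n] = '\0';
    if (buf[0] != '/') return 0;               /* request path must be absolute */
    for (const char *seg = buf; *seg; ) {
        while (*seg == '/') seg++;
        size_t len = strcspn(seg, "/");
        if (len >= 2 && strspn(seg, ".") == len) return 0;
        seg += len;
    }
    return 1;
}

int main(void) {
    /* Constructed sample paths, not the request from the advisory. */
    const char *samples[] = { "/index.html", "/a/./b.css", "/..\\..\\win.ini",
                              "/..%5c..%5cwin.ini", "/%2e%2e/secret.txt" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-22s %s\n", samples[i], url_path_is_safe(samples[i]) ? "allow" : "refuse");
    return 0;
}
```

The check runs on the decoded path before it is joined to the document root, so the file-open code never sees a separator or dot segment the check did not.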

Vendor Response:
I was unable to obtain any response from GoAhead technical support regarding
the identified issues.

Patch Information:
No vendor response, so unsure if fixed version available.

Security History:

http://www.securiteam.com/securitynews/5QP010U3FS.html - Directory Traversal
http://www.securiteam.com/securitynews/5IP0E2K41I.html - Denial of Service
http://www.securiteam.com/windowsntfocus/5LP040A3RS.html - Denial of Service

This advisory is available online at:

