Dotdot vulnerability in Alibaba 2.0
There is a dotdot vulnerability in the web server Alibaba 2.0. Here is an example:
If you install the server so the web root is located in c:\alibaba\HtmlDocs\ and there is a file c:\winnt\file.txt you can send an URL:
and get the "file.txt" file. This works all over the disk Alibaba is installed on. If directory browsing isn't allowed you have to know the pathname of the file you want. If directory browsing is allowed you can start at the disk root directory, but you have to enter the directories by hand when browsing, because the server will assume they are located in the web root, so if you just click around all you'll get is lots of 404's.