
GoAhead Web Server Directory Traversal + Cross Site Scripting

by Nikola Strahija on July 11th, 2002

GoAhead is an open source 'embedded' web server, apparently used in various networking devices from several blue chip companies.


Cross Site Scripting via 404 messages.

GoAhead quotes back the requested URL when responding with a 404. Hence it
is possible to perform cross-site scripting attacks, e.g.:


Read arbitrary files from the server running GoAhead (Directory Traversal)

GoAhead is vulnerable to a directory traversal bug. A request such as

GoAhead-server/../../../../../../../ results in an error message
'Cannot open URL'.

However, by encoding the '/' character, it is possible to break out of the
web root and read arbitrary files from the server.
Hence a request like:

GoAhead-server/..%5C..%5C..%5C..%5C..%5C..%5C/winnt/win.ini returns the
contents of the win.ini file.
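Both issues above come down to how the server handles the request path: the traversal check runs before percent-decoding and never treats an encoded backslash as a separator, and the 404 handler reflects the URL unescaped. The following is an added example, not GoAhead's own code, showing a defensive request-path resolver that decodes first, treats '\' and '/' alike and rejects any '..' that climbs above the web root, plus a 404 body that HTML-escapes the echoed URL. The web root and sample requests are assumed for illustration.

```python
"""Added example (not GoAhead code): safe request-path resolution and an
HTML-escaped 404 body.  WEB_ROOT and the sample requests are assumptions."""
import html
import posixpath
from typing import List, Optional
from urllib.parse import unquote

WEB_ROOT = "/var/www"  # assumed web root for the example


def resolve_request_path(url_path: str) -> Optional[str]:
    """Return the filesystem path for url_path, or None if it must be rejected.

    The advisory's bypass works because '/' is checked before decoding and
    '\\' (sent as %5C) is never treated as a separator.  So: decode first,
    then treat both separators alike, then walk the segments with an explicit
    stack so a '..' that climbs above the root is detected, not silently dropped.
    """
    decoded = unquote(url_path)
    if "%" in decoded or "\x00" in decoded:   # double-encoding or NUL byte: reject
        return None
    decoded = decoded.replace("\\", "/")       # an encoded backslash is a separator too
    depth: List[str] = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not depth:                      # would climb above the web root
                return None
            depth.pop()
        else:
            depth.append(seg)
    return posixpath.join(WEB_ROOT, *depth) if depth else WEB_ROOT


def not_found_body(url_path: str) -> str:
    """404 body that echoes the request without reflecting markup."""
    return ("<html><body>Cannot open URL: "
            f"{html.escape(url_path, quote=True)}</body></html>")


if __name__ == "__main__":
    # Constructed requests: the advisory's encoded traversal and a normal page.
    for req in ("GoAhead-server/..%5C..%5C..%5C..%5C..%5C..%5C/winnt/win.ini",
                "GoAhead-server/index.html"):
        print(repr(req), "->", resolve_request_path(req))
    print(not_found_body("<script>alert(1)</script>"))
```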

Vendor Response:
I was unable to obtain any response from GoAhead technical support regarding
the identified issues.

Patch Information:
No vendor response, so unsure if fixed version available.

Security History:
- Directory Traversal
- Denial of Service
- Denial of Service

This advisory is available online at:
