Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln

From: Tekno pHReak (tek@superw00t.com)
Date: 03/10/02

Date: 10 Mar 2002 04:23:45 -0000
From: Tekno pHReak <tek@superw00t.com>
To: bugtraq@securityfocus.com


Pi3Web/2.0.0 File-Disclosure/Path Disclosure

Discovered by: Teknophreak of Malloc()
Date: March 9 2002
Contact: tek@superw00t.com

Pi3Web is a Webserver available for multiple
Microsoft Windows

There are multiple disclosure flaws within the
that may assist an attacker in performing more
attacks against the server and also can allow the
of sensitive files on the webserver.

To see the webroot directory just simply cause a 404


To view files on the web server that are not supposed to be seen, do something like:


Quick Fix:

Don't use it or wait for vendor patch.
