[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Miniwebsvr 0.0.6 - Directory traversal

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Miniwebsvr 0.0.6 - Directory traversal
From: Daniel Nyström <daniel.nystrom@xxxxxxxxx>
Date: Mon, 12 Feb 2007 00:25:49 +0100

Hello!

Miniwebsvr 0.0.6 suffers from a directory traversal flaw.

"Exploit" :

        http://yoursite/..%00


Attack vector seems limited as you're only able to list one level down.

Cheers,

Daniel Nyström, daniel.nystrom@xxxxxxxxx
Fredrik Wessberg, fredd3@xxxxxxxxxxx

Prev by Date: Jportal 2.3.1 CSRF vulnerability
Next by Date: Re: Re[2]: Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities
Previous by thread: Jportal 2.3.1 CSRF vulnerability
Next by thread: Radical Technologies - Portal Search- multiple XSS issue
Index(es):
- Date
- Thread