[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Miniwebsvr 0.0.6 - Directory traversal
- To: <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: Miniwebsvr 0.0.6 - Directory traversal
- From: Daniel Nyström <daniel.nystrom@xxxxxxxxx>
- Date: Mon, 12 Feb 2007 00:25:49 +0100
Hello!
Miniwebsvr 0.0.6 suffers from a directory traversal flaw.
"Exploit" :
http://yoursite/..%00
Attack vector seems limited as you're only able to list one level down.
Cheers,
Daniel Nyström, daniel.nystrom@xxxxxxxxx
Fredrik Wessberg, fredd3@xxxxxxxxxxx