Bugtraq mailing list archives
SlimServe HTTPd ver. 1.1a Directory Traversal
From: se00020 () LION CC
Date: Sat, 3 Mar 2001 09:36:52 -0000
it is possible to view dir. and (download) files outside of the wwwroot directory. Exploit: http://127.0.0.1/.../ http://127.0.0.1/.../.../directory/file.xxx Solution: disable folder listings (it is enabled by default), which will secure you from viewing dir. outside of the wwwroot dir.But it is still possible to download or view files when the location is known. the author has been contacted on 03.March.2001. No reply was received yet. se00020 () fhs-hagenberg ac at
Current thread:
- SlimServe HTTPd ver. 1.1a Directory Traversal se00020 (Mar 04)