Bugtraq mailing list archives

Miniwebsvr 0.0.6 - Directory traversal

From: Daniel Nyström <daniel.nystrom () xored net>
Date: Mon, 12 Feb 2007 00:25:49 +0100

Hello!

Miniwebsvr 0.0.6 suffers from a directory traversal flaw.

"Exploit" :

        http://yoursite/..%00


Attack vector seems limited as you're only able to list one level down.

Cheers,

Daniel Nyström, daniel.nystrom () xored net
Fredrik Wessberg, fredd3 () hotmail com

Current thread:

Miniwebsvr 0.0.6 - Directory traversal Daniel Nyström (Feb 12)