Home page logo
/

bugtraq logo Bugtraq mailing list archives

vqserver /........../
From: nilssonssite () SWIPNET SE (Johan Nilsson)
Date: Tue, 21 Mar 2000 09:10:43 +0100


Version tested: vqserver 1.9.9 for windows

The webserver vqserver follows /........../ in requests.
http://host/........../autoexec.bat gives the autoexec.bat file.

More serious,
http://host/........../some/path/vq/server/cfg/server.cfg
where /some/path/ could be anything, but normally /program/vqserver/,
gives the server settings and all passwords unencrypted.
By default remote administration is on port 9090, with the login and
password in server.cfg anyone could configure the server.

I have downloaded the latest windows version from www.vqsoft.com and
did not find this problem in the latest version, 1.9.31. Strange version
number,
lower then the version I found this problem in... Could someone give an
explanation?

Johan Nilsson
<nilssonssite () swipnet se>


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault