Home page logo

bugtraq logo Bugtraq mailing list archives

vqserver /........../
From: nilssonssite () SWIPNET SE (Johan Nilsson)
Date: Tue, 21 Mar 2000 09:10:43 +0100

Version tested: vqserver 1.9.9 for windows

The webserver vqserver follows /........../ in requests.
http://host/........../autoexec.bat gives the autoexec.bat file.

More serious,
where /some/path/ could be anything, but normally /program/vqserver/,
gives the server settings and all passwords unencrypted.
By default remote administration is on port 9090, with the login and
password in server.cfg anyone could configure the server.

I have downloaded the latest windows version from www.vqsoft.com and
did not find this problem in the latest version, 1.9.31. Strange version
lower then the version I found this problem in... Could someone give an

Johan Nilsson
<nilssonssite () swipnet se>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]