Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

SlimServe HTTPd ver. 1.1a Directory Traversal
From: se00020 () LION CC
Date: Sat, 3 Mar 2001 09:36:52 -0000
it is possible to view dir. and (download) files outside 
of the wwwroot directory.

Exploit:
http://127.0.0.1/.../
http://127.0.0.1/.../.../directory/file.xxx

Solution:

disable folder listings (it is enabled by default), which 
will secure you from
viewing dir. outside of the wwwroot dir.But it is still 
possible to download
or view files when the location is known.

the author has been contacted on 03.March.2001.
No reply was received yet.


se00020 () fhs-hagenberg ac at

  By Date           By Thread  

Current thread:
  • SlimServe HTTPd ver. 1.1a Directory Traversal se00020 (Mar 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]