Home page logo
/

bugtraq logo Bugtraq mailing list archives

Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln
From: Tekno pHReak <tek () superw00t com>
Date: 10 Mar 2002 04:23:45 -0000



Pi3Web/2.0.0 File-Disclosure/Path Disclosure 
***************************************************
Vulnerability
*************

Discovered by: Teknophreak of Malloc()
**************************************
Date: March 9 2002
*******************
Contact: tek () superw00t com
***************************

Pi3Web is a Webserver available for multiple 
Microsoft Windows
platforms. 


There are multiple disclosure flaws within the 
webserver 
that may assist an attacker in performing more 
concentrated
attacks against the server and also can allow the 
disclosure
of sensitive files on the webserver.

To see the webroot directory just simply cause a 404 
error:

http://pi3web-host.com/fake_page


To view files on the web server that you are not 
supposted to
be seen do something like:

http://pi3web-host.com/*.extension




Quick Fix:
-------------

Don't use it or wait for vendor patch.




  By Date           By Thread  

Current thread:
  • Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln Tekno pHReak (Mar 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault