Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

CIS WebServer Directory Traversal Bug
From: "CorryL" <corryl () sitoverde com>
Date: Fri, 25 Feb 2005 18:33:54 +0100

-=[ x0n3-h4ck Italian Security Team ]=-

/*Advisories*\

/*

Application: CIS WebServer

Vendor's Url: www.cisindia.net

Version: 3.5.13

Platforms: Windows

Bug: Directory Traversal

Exploitation: Remote

Author: CorryL

corryl80 () gmail com

www.x0n3-h4ck.org

*\



{Description}

CIS WebServer is an easy http server, A remote user can obtain files on the
system that are located outside of
the web document directory.


{Bug}

http://victimhost/../../../windows/repair/sam

A remote user succeds to read the file sam of the system where CIS WebServer
is running



{Vendor Status}

20/02/2005 Vendor notification

21/02/2005 Vendor Response

25/02/2005 No patch relase from vendor

25/02/2005 Public disclousure

{Fix}

Waiting for an official patch

CorryL
corryl80 () gmail com
www.x0n3-h4ck.org
Italian Security Team

_________________________________
www.seekstat.it is your web stat
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • CIS WebServer Directory Traversal Bug CorryL (Feb 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]