MetaProducts Offline Explorer 1.x File System Disclosure Vulnerability

2000-12-07T00:00:00
ID EDB-ID:20488
Type exploitdb
Reporter Dodger
Modified 2000-12-07T00:00:00

Description

MetaProducts Offline Explorer 1.x File System Disclosure Vulnerability. CVE-2001-0038 . Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/2084/info

MetaProducts Offline Explorer is an application that allows a user to download the contents of a website or FTP site for offline browsing at a later time.

It is possible to view the full contents of the directory structure of a system Offline Explorer resides on. By default, Offline Explorer listens on port 800. A remote user may retrieve a directory listing and browse its contents without any authorization whatsoever by issuing a GET request followed by a corresponding physical or logical drive letter.

Eg.

http://target:800/C:/
will reveal a directory listing for drive C.