FastStone 4in1 Browser 1.2 Web Server Remote Directory Traversal Vulnerability

2005-03-29T00:00:00
ID EDB-ID:25319
Type exploitdb
Reporter Donato Ferrante
Modified 2005-03-29T00:00:00

Description

FastStone 4in1 Browser 1.2 Web Server Remote Directory Traversal Vulnerability. CVE-2005-0950 . Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/12937/info

A vulnerability has been identified in the handling of certain types of requests by the 4in1 Browser Web server. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.

This issue could be exploited to gain read access to files on a host using the vulnerable software. Read privileges granted to these files would be restricted by the permissions of the web server process.

This vulnerability is reported to affect FastStone 4in1 Browser version 1.2, previous versions might also be affected. 

http://www.example.com/.../.../.../.../.../.../windows/system.ini
http://www.example.com/..\..\..\..\..\..\..\..\windows/system.ini