HTTP File Server 2.2 - Security Bypass and Denial of Service Vulnerabilities

2010-04-19T00:00:00
ID EDB-ID:33841
Type exploitdb
Reporter Luigi Auriemma
Modified 2010-04-19T00:00:00

Description

HTTP File Server 2.2 Security Bypass and Denial of Service Vulnerabilities. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/39544/info

HTTP File Server is prone to multiple vulnerabilities including a security-bypass issue and a denial-of-service issue.

Exploiting these issues will allow an attacker to download files from restricted directories within the context of the application or cause denial-of-service conditions. 

http://www.example.com/protected_folder/secret_file.txt%00
http://www.example.com/?search=%25%25