FastStone 4in1 Browser 1.2 - Web Server Directory Traversal

2005-03-29T00:00:00
ID EXPLOITPACK:50B1E4AEBCE404F8D3241F4F95A531E1
Type exploitpack
Reporter Donato Ferrante
Modified 2005-03-29T00:00:00

Description

FastStone 4in1 Browser 1.2 - Web Server Directory Traversal

                                        
                                            source: https://www.securityfocus.com/bid/12937/info

A vulnerability has been identified in the handling of certain types of requests by the 4in1 Browser Web server. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.

This issue could be exploited to gain read access to files on a host using the vulnerable software. Read privileges granted to these files would be restricted by the permissions of the web server process.

This vulnerability is reported to affect FastStone 4in1 Browser version 1.2, previous versions might also be affected. 

http://www.example.com/.../.../.../.../.../.../windows/system.ini
http://www.example.com/..\..\..\..\..\..\..\..\windows/system.ini