Lucene search

HackTrack-2003-03-001.txt

🗓️ 10 Apr 2003 00:00:00Reported by Kachlik JanType

packetstorm🔗 packetstormsecurity.com👁 27 Views

Directory Traversal vulnerability in QuickFront webserver allows unauthorized file access.

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`===[ HackTrack - Advisory ]================[ Adv. ID: 2003-03-001 ]==  
  
Advisory Information  
--------------------  
Name : Directory Traversal bug in QuickFront webserver  
Vendor Homepage : http://www.quickfront.com  
Platforms : Windows  
Vulnerability Type : Directory Traversal  
Vendor Contacted : 11/03/2003  
Vendor Replied : 12/03/2002  
Non affected version : Uknown  
  
Vulnerable Versions: 1.0.0.189  
+ all servers based on QuickFront webserver source code.  
  
  
Product Description  
-------------------   
QuickFront is webserver writen in Delphi. It's easy and powerfull  
for use.   
  
Bug Description  
-------------------  
  
When attacker send request to server in these form:  
  
http://<quickfront server>/../../../../../boot.ini  
  
server reply boot.ini file.  
This bug working with unicode chars too.  
  
Solution  
-------------------  
Vendor was contacted 11/03/2003. Solutions is install latest version  
2002.0.02.0916 with new structure and technology.  
  
  
Credits  
-------  
+---------------------------------+  
' Kachlik Jan '  
' Security & Network Specialist '  
' InterSource Solutions Group '  
' Mathonova 25, 613 00 Brno CZ '  
' Mail: [email protected] '  
+---------------------------------+   
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

10 Apr 2003 00:00Current

7.4High risk

Vulners AI Score7.4