This is a multi-part message in MIME format. ------=_NextPart_000_0042_01BEEF48.13C34280 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I suppose this hasn't been to Bugtraq until now.=20 This bug was tested with vqserver - Web server for Win95/98/NT and it = works with all versions. It's similar to the ICQ Personal Web Server = bug: With "..../" after the URL of a vqServer it's possible to change = the directory and to leave the reserved "public" directory. If you know = the full path and name of a file on the hd, it's possible to download = every file from that host. CU, SoulPatrol ------=_NextPart_000_0042_01BEEF48.13C34280 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.3110.7"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT color=3D#000000 face=3DArial size=3D2>I suppose this hasn't = been to Bugtraq=20 until now. </FONT></DIV> <DIV><FONT color=3D#000000 face=3DArial size=3D2>This bug was tested = with vqserver -=20 Web server for Win95/98/NT and it works with all versions. It's similar = to the=20 ICQ Personal Web Server bug: With "..../" after the URL of a = vqServer=20 it's possible to change the directory and to leave the reserved=20 "public" directory. If you know the full path and name of a = file on=20 the hd, it's possible to download every file from that = host.</FONT></DIV> <DIV><FONT color=3D#000000 face=3DArial size=3D2></FONT> </DIV> <DIV><FONT color=3D#000000 face=3DArial size=3D2>CU,=20 SoulPatrol</FONT></DIV></BODY></HTML> ------=_NextPart_000_0042_01BEEF48.13C34280--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:58:54 PDT