| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Jun 2003 13:28:02 +0400 From: Over_G <overg@...l.ru> To: bugtraq@...urityfocus.com Subject: Directory traversal in NucaWeb Server Product: Nuca WebServer Version: 0.01 OffSite: http://www.geocities.com/nucainterface Problem: Directory traversal ------------------------------------------------ NucaWebServer - server, written in Delphi. This server have a large problem - Atacker may view all files on hard disk. The server does not process the entering data. http://[victim]/../existing_file Example: http://[victim]/../webserver.ini and you may be view webserver configuration. [Configuration] SSL=0 Port=80 Root=D:\webservers\Nms\web Authentic=0 Username= Password= www.overg.com www.dwcgr0up.com regards, Over G[DWC Gr0up]
Powered by blists - more mailing lists