Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] CIS WebServer Directory Traversal Bug

from [CorryL] Network Security [Permanent Link]
Subject: [Full-Disclosure] CIS WebServer Directory Traversal Bug
Date: Fri, 25 Feb 2005 18:33:54 +0100 
-=[ x0n3-h4ck Italian Security Team ]=-

/*Advisories*\

/*

Application: CIS WebServer

Vendor's Url: www.cisindia.net

Version: 3.5.13

Platforms: Windows

Bug: Directory Traversal

Exploitation: Remote

Author: CorryL

corryl80@gmail.com

www.x0n3-h4ck.org

*\



{Description}

CIS WebServer is an easy http server, A remote user can obtain files on the
system that are located outside of
the web document directory.


{Bug}

http://victimhost/../../../windows/repair/sam

A remote user succeds to read the file sam of the system where CIS WebServer
is running



{Vendor Status}

20/02/2005 Vendor notification

21/02/2005 Vendor Response

25/02/2005 No patch relase from vendor

25/02/2005 Public disclousure

{Fix}

Waiting for an official patch

CorryL
corryl80@gmail.com
www.x0n3-h4ck.org
Italian Security Team

_________________________________
www.seekstat.it is your web stat
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] CIS WebServer Directory Traversal Bug, CorryL <=
Previous by Date:  RE: [Full-Disclosure] Xfree86 video buffering?, Cassidy Macfarlane
Next by Date:  Re: [Full-Disclosure] phpWebSite-0.10.0_exploit, Colin . Scott
Previous by Thread:  [Full-Disclosure] [USN-85-1] Gaim vulnerabilities, Martin Pitt
Next by Thread:  [Full-Disclosure] RE: Firescrolling [Firefox 1.0], Eric McCarty
Indexes:  [Date] [Thread] [Top] [All Lists]