Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[VulnWatch] Multiple Vulnerabilities in Web Forums Server

from [R00tCr4ck] Network Security [Permanent Link]
Subject: [VulnWatch] Multiple Vulnerabilities in Web Forums Server
Date: Tue, 2 Nov 2004 18:06:16 +0000 
#####################################
# CHT Security Research Center-2004 #
# http://www.CyberSpy.Org           #
# Turkey                            #
#####################################

Software:
Web Forums Server

Web Site:
http://www.minihttpserver.net

Affected Version(s):
1.6,2.0 Power Pack(current)

Description:
Web Forums Server is "all in one" Web Server for Microsoft Windows Operating
Systems.
Web Forums Server have a build in User manage system, Message Board system,
ShareFile System
,Share Photo System.include a powerful, flexible, compliant web server.
Implements the latest protocols,including HTTP/1.1 (RFC2616)

Multiple Vulnerabilities in Web Forums Server:

Directory Traversal Vulnerability:

There is directory traversal vulnerability in Web Forums Server that may allow a
remote attacker
to view files residing outside of the web server root directory.

Examples:

http://[victim]/..\..\..\file.ext
http://[victim]/../../../file.ext
or as encoded format:
http://[victim]/%2E%2E%5C%2E%2E%5C%2E%2E%5Cfile.ext
http://[victim]/%2E%2E%2F%2E%2E%2F%2E%2E%2Ffile.ext


Plaintext Password Vulnerability:

Web Forums Server stores all accounts with the passwords in plaintext using
Username.ini file.
So this could lead to users gaining unauthorized access to passwords,
and potentially unauthorized access to the Web Forums Server.

---
Reported By R00tCr4ck at November,2 2004
contact:
root(at)CyberSpy.Org
Original article can be found at http://www.CyberSpy.Org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [VulnWatch] Multiple Vulnerabilities in Web Forums Server, R00tCr4ck <=
Previous by Date:  zlib 1.2.2 released, Mark Adler
Next by Date:  zlib 1.2.2 released, Mark Adler
Previous by Thread:  zlib 1.2.2 released, Mark Adler
Next by Thread:  [Full-Disclosure] Cross-Site-Scripting Vulnerability in Microsoft.com, Rafel Ivgi, The-Insider
Indexes:  [Date] [Thread] [Top] [All Lists]