AOH :: HP Unsorted M :: C07-2304.HTM

Miniwebsvr 0.0.6 - Directory traversal



Miniwebsvr 0.0.6 - Directory traversal
Miniwebsvr 0.0.6 - Directory traversal



Hello!

Miniwebsvr 0.0.6 suffers from a directory traversal flaw.

"Exploit" :

http://yoursite/..%00 


Attack vector seems limited as you're only able to list one level down.

Cheers,

Daniel Nystr=F6m, daniel.nystrom@xored.net 
Fredrik Wessberg, fredd3@hotmail.com 


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.