Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: ics.htm

ICS HTTPServer retrieve arbitrary files

    ICS HTTPServer


    ICS HTTPServer


    Darkstar found  following.   There's a  security vulnerability  in
    the  Delphi  Internet  Component   Suite's  HTTP  server.    These
    components are widly spread.  The vender has been notified of  the

    The  vulnerability  let's  a  person  download  _any_  file on the
    HTTPServer's  computer  using  a  simple  exploit that can be used
    directly from any internet browser.

    Exploit?  Good old dot-dot exploit...

        - Set the HTTP root to 'c:\httproot' and launch the server
        - Start your browser and type

    Download  the  file  and  crack  it.   You  now have all passwords
    stored in the victims CuteFTP  client.  CuteFTP is just  a sample,
    it could be any program that stores passwords.


    Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH