header-logo
Suggest Exploit
vendor:
vqServer
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: vqServer
Affected Version From: vqServer for Windows
Affected Version To: vqServer for Windows
Patch Exists: YES
Related CWE: CVE-2002-0991
CPE: a:vqsoft:vqserver
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Directory Traversal in vqSoft vqServer for Windows

vqSoft vqServer for Windows is vulnerable to a directory traversal attack, which allows an attacker to access files outside of the web directory structure by appending a variable number of "../" and a known filename to an HTTP GET request.

Mitigation:

Restrict access to the web server directory structure and ensure that all files are stored in a secure location.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1067/info

Some versions of vqSoft vqServer for Windows are vulnerable to the common ../../ method of retrieving known files from outside of the web directory structure, accomplished by appending a variable number of "../" and a known filename to an HTTP GET request. 

http://target/../../../../../autoexec.bat

Navigation

Suggest Exploit

Services By CQR