Vendor: HttpServer
By: malwrforensics
CVSS: 8.8 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: HttpServer
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: No
Related CWE: N/A
CPE: a:dolinaysoft:http_server:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
Year: 2017

HttpServer 1.0 DolinaySoft Directory Traversal

This vulnerability allows an attacker to view arbitrary files within the context of the web server by using a directory traversal attack. The attacker places the '..%5c..%5c' sequence in the URL (%5c is the URL-encoded backslash, which Windows accepts as a path separator), which traverses up the directory tree and reaches files outside of the web root.

Mitigation:

Ensure that all user input is properly sanitized and validated to prevent directory traversal attacks.
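
One way to implement that validation for a Windows web root, shown as an added example (not code from the advisory or from HttpServer). `WEB_ROOT`, `naive_is_safe` and `resolve_request_path` are hypothetical names, and the check is purely lexical, so a real server should also resolve symlinks and junctions before opening the file.

```python
import ntpath
from urllib.parse import unquote

WEB_ROOT = r"C:\app\html"  # constructed sample root (assumption, not from the advisory)


def naive_is_safe(url_path):
    """Weak filter for comparison: only looks for the forward-slash form."""
    return "../" not in unquote(url_path)


def resolve_request_path(url_path, web_root=WEB_ROOT):
    """Map a raw URL path to a file under web_root, or return None to reject."""
    decoded = unquote(url_path)  # decode once: %5c -> '\', %2e -> '.'
    # Reject NUL bytes, drive letters / NTFS streams, and leftover escapes
    # (a remaining '%' means the input was double-encoded).
    if any(ch in decoded for ch in ("\x00", ":", "%")):
        return None
    # Windows accepts both separators, so treat '\' exactly like '/'.
    segments = [s for s in decoded.replace("\\", "/").split("/") if s]
    # '.', '..' and dot/space-only names (Win32 strips trailing dots and spaces).
    if any(s.strip(". ") == "" for s in segments):
        return None
    root = ntpath.normpath(web_root)
    candidate = ntpath.normpath(ntpath.join(root, *segments))
    # Final containment check on the normalized result.
    if ntpath.commonpath([root, candidate]) != root:
        return None
    return candidate
```

The weak filter accepts the advisory's request because it never sees a `../` substring, while the resolver rejects it after decoding and separator normalization.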

Exploit-DB raw data:

# Exploit Title: HttpServer 1.0 DolinaySoft Directory Traversal
# Date: 2017-03-19
# Exploit Author: malwrforensics
# Software Link: http://www.softpedia.com/get/Internet/Servers/WEB-Servers/HttpServer.shtml#download
# Version: 1.0
# Tested on: Windows

Exploiting this issue will allow an attacker to view arbitrary files
within the context of the web server.

Example:
Assuming the root folder is c:\<app_folder>\<html_folder>

http://<server>/..%5c..%5c/windows/win.ini