header-logo
Suggest Exploit
vendor:
LocalWEB2000
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: LocalWEB2000
Affected Version From: LocalWEB2000
Affected Version To: LocalWEB2000
Patch Exists: YES
Related CWE: CVE-2001-0206
CPE: a:localweb:localweb_2000
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2001

LocalWEB2000 Directory Traversal

LocalWEB2000 is vulnerable to a directory traversal attack, which allows an attacker to gain read access to files on the server. This is achieved by sending a specially crafted HTTP request with a known filename. For example, an attacker can send a request for the file "autoexec.bat" located in the root directory of the server, by sending the following request: http://target/../../../autoexec.bat

Mitigation:

Upgrade to the latest version of LocalWEB2000.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2268/info

LocalWEB2000 is subject to a directory traversal. Requesting a specially crafted HTTP request with a known filename will enable an attacker to gain read access to the requested file. 

http://target/../../../autoexec.bat

Navigation

Suggest Exploit

Services By CQR