Vendor: TinyWeb Server
By: Unknown
CVSS: 5.5 (MEDIUM)
Unauthorized Script Disclosure
CWE: 22
Product Name: TinyWeb Server
Affected Version From: 1.92
Affected Version To: 1.92
Patch Exists: NO
Related CWE: CVE-2004-2582
CPE: a:ritlabs:the_bat!:::home
Metasploit:
Other Scripts:
Platforms Tested: Windows
2004

TinyWeb Server Unauthorized Script Disclosure Vulnerability

TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web server rules. This issue will allow an attacker to download or view scripts residing in the 'cgi-bin' directory.

Mitigation:

To mitigate this vulnerability, it is recommended to validate and sanitize user input to prevent bypassing of standard web server rules. Also, restrict access to sensitive directories like 'cgi-bin'.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10445/info

TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web server rules.

This issue will allow an attacker to download or view scripts residing in the 'cgi-bin' directory.

This issue is reported to affect TinyWeb 1.92; it is likely that other versions are also vulnerable.

http://www.example.com/./cgi-bin/targetfile
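
The mitigation above (validate the request path before applying the 'cgi-bin' rule), as an added example that is not TinyWeb's code or part of the original advisory. It assumes a hypothetical server that chooses between executing a file and sending its contents by prefix-matching the request path; the function names and all sample request targets other than the '/./cgi-bin/targetfile' form are constructed for this check.

```python
import posixpath
from urllib.parse import unquote

CGI_PREFIX = "/cgi-bin/"  # files under here must be executed, never sent as text


def canonical_path(request_target: str) -> str:
    """Drop the query, percent-decode once, collapse '.', '..' and extra slashes."""
    path = unquote(request_target.partition("?")[0]).replace("\\", "/")
    if "\x00" in path:
        raise ValueError("NUL byte in request path")
    # Strip leading slashes first: posixpath.normpath keeps a leading "//" as-is.
    # Anchoring at "/" means ".." can never climb above the web root.
    clean = posixpath.normpath("/" + path.lstrip("/"))
    # normpath drops a trailing slash; restore it so directory requests still match.
    if path.endswith("/") and clean != "/":
        clean += "/"
    return clean


def naive_is_cgi(request_target: str) -> bool:
    """Weak form (assumed): rule matched against the raw request string."""
    return request_target.lower().startswith(CGI_PREFIX)


def hardened_is_cgi(request_target: str) -> bool:
    """Corrected form: rule matched against the canonical path."""
    return canonical_path(request_target).lower().startswith(CGI_PREFIX)


def disposition(request_target: str, is_cgi) -> str:
    """What the hypothetical server does with the file: run it or send its bytes."""
    return "execute" if is_cgi(request_target) else "serve-as-static"


if __name__ == "__main__":
    # Constructed regression inputs for the check; 'targetfile' is the page's placeholder.
    samples = ["/cgi-bin/targetfile", "/./cgi-bin/targetfile",
               "/%2e/cgi-bin/targetfile", "//cgi-bin/targetfile",
               "/docs/../cgi-bin/targetfile", "/index.html"]
    for s in samples:
        print(f"{s:30} naive={disposition(s, naive_is_cgi):16}"
              f"hardened={disposition(s, hardened_is_cgi)}")
```

Any access rule for 'cgi-bin' should be evaluated on the output of `canonical_path`, and the same canonical value should be the one used to open the file, so the check and the file access cannot disagree.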