TinyWeb Server Unauthorized Script Disclosure Vulnerability - exploit.company
Vendor: TinyWeb Server
By: Unknown
CVSS: 5.5 (MEDIUM)
Unauthorized Script Disclosure
CWE: 22
Product Name: TinyWeb Server
Affected Version From: 1.92
Affected Version To: 1.92
Patch Exists: NO
Related CWE: CVE-2004-2582
CPE: a:ritlabs:the_bat!:::home
Metasploit:
Other Scripts:
Platforms Tested: Windows
2004

TinyWeb Server Unauthorized Script Disclosure Vulnerability

TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web server rules. This issue will allow an attacker to download or view scripts residing in the 'cgi-bin' directory.

Mitigation:

To mitigate this vulnerability, it is recommended to validate and sanitize user input to prevent bypassing of standard web server rules. Also, restrict access to sensitive directories like 'cgi-bin'.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10445/info

TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web server rules.

This issue will allow an attacker to download or view scripts residing in the 'cgi-bin' directory.

This issue is reported to affect TinyWeb 1.92; it is likely that other versions are also vulnerable.

http://www.example.com/./cgi-bin/targetfile
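
The mitigation above, as an added example (not code from TinyWeb or from the original advisory): the request path is canonicalized before the 'cgi-bin' rule is applied, so the `/./cgi-bin/` form is classified the same way as `/cgi-bin/`. The `naive_is_cgi` prefix check is an assumed model of the flawed rule, and all function names are hypothetical; the normalizer goes beyond the single case on the page by also collapsing duplicate slashes, encoded dots and `..` segments.

```python
from urllib.parse import unquote

CGI_PREFIX = "/cgi-bin/"  # script directory named in the advisory


def naive_is_cgi(raw_path: str) -> bool:
    """Assumed flawed rule: prefix match on the raw, un-normalized path."""
    return raw_path.startswith(CGI_PREFIX)


def canonicalize(raw_path: str) -> str:
    """Reduce a request path to one canonical form, or raise ValueError."""
    path = unquote(raw_path.split("?", 1)[0])
    if "\x00" in path or unquote(path) != path:
        raise ValueError("NUL byte or double-encoded path")
    path = path.replace("\\", "/")  # Windows accepts both separators
    if not path.startswith("/"):
        raise ValueError("path must be absolute")
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue  # collapses "//" and "/./"
        if seg == "..":
            if not segments:
                raise ValueError("path escapes the web root")
            segments.pop()
        else:
            segments.append(seg)
    return "/" + "/".join(segments)


def classify(raw_path: str) -> str:
    """Decide how to handle a request using only the canonical path."""
    try:
        canon = canonicalize(raw_path)
    except ValueError:
        return "reject"
    # Windows file names are case-insensitive, so compare case-folded.
    folded = canon.casefold() + "/"
    return "cgi" if folded.startswith(CGI_PREFIX) else "static"


if __name__ == "__main__":
    # Constructed sample paths; the second is the form shown in the advisory.
    for p in ["/cgi-bin/targetfile", "/./cgi-bin/targetfile", "/index.html"]:
        print(f"{p:28} naive_is_cgi={naive_is_cgi(p)!s:5} hardened={classify(p)}")
```

The same canonical path, not the raw request string, should then be used to locate the file on disk, so the access rule and the file lookup cannot disagree.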