|
|
|
|
| |
| NetServe is "a super compact Web Server and File Sharing application for Windows NT, 95, 98, 2000, and XP". A vulnerability in the product allows remote attackers to view arbitrary files, thus expose the server's files to remote reading, and the NetServe's administrator password to anyone that desires to have it. |
| |
Credit:
The information has been provided by nimber.
|
| |
Vulnerable systems:
* NetServe version 1.0.7
Directory Traversal:
The NetServe server does not properly filter out " /../../ ", this allows an attacker to view files that reside below the bounding HTML root directory.
Example:
You can view either directories http://[victim]/../test/, or files http://[victim]/../test/test.txt.
Configuration Disclosure:
By default in NetServe's configuration files resides a single director below the wwwroot's. This means that using the above vulnerability a remote attacker can download the remote server's configuration by requesting a special URL.
Example:
By requesting http://[victim]/../config.dat, it is possible to view the server's configuration file.
Access to the Administrative Password:
The config.dat file contains a line like: Users username|password|...
This means that anyone can after obtaining this password, remotely configure the web server to do whatever he wants.
|
|
|
|
|
|
|
