A vulnerability in 24Link Web Server allows an attacker to view any password-protected file on the Web Server, provided that the Authorization option "Check User Name and Password On all Requests" has not been enabled (that option makes the server ask for a user name and password for every request sent to it). If only specific files are password protected (for example, the access.txt log file is password protected by default), you can bypass the password protection by appending a special set of characters to the filename in the request that is sent to the server.
Credit:
The information has been provided by phriction.
Vulnerable systems:
24Link version 1.06
Example:
Adding any of the following to a normal request will cause the web server to provide access to the file without prompting for a username or password.
+/
/./
/+./
/++/
/++./
or a combination of any of the above along with a series of ending slashes (two or more /'s up to around 200).
For example:
http://www.example.com/++//////protected.html
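
The request shapes listed above can be searched for in a server's access log. The following Python is an added example, not part of the original advisory or of 24Link; the Common Log Format layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Directory segments the advisory lists as padding: "+/", "/./", "/+./", "/++/", "/++./"
PADDING_SEGMENTS = {"+", ".", "+.", "++", "++."}

# Assumption: Common Log Format request lines; the page does not show 24Link's log layout.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def bypass_indicators(path):
    """Return the reasons a raw request path matches the advisory's bypass shapes."""
    path = path.split("?", 1)[0]             # ignore any query string
    segments = path.split("/")[1:-1]         # directory parts, without the file name
    reasons = []
    padding = [s for s in segments if s in PADDING_SEGMENTS]
    if padding:
        reasons.append("padding segment(s): " + ", ".join(padding))
    slash_runs = re.findall(r"/{2,}", path)  # "two or more /'s"
    if slash_runs:
        reasons.append("slash run of %d" % max(len(r) for r in slash_runs))
    return reasons


def scan(log_lines):
    """Return (line_no, path, status, reasons) for every flagged request."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        reasons = bypass_indicators(match.group(1))
        if reasons:
            hits.append((line_no, match.group(1), int(match.group(2)), reasons))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - alice [01/Jan/2001:10:00:05 +0000] "GET /protected.html HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2001:10:01:00 +0000] "GET /protected.html HTTP/1.0" 401 0',
    '198.51.100.7 - - [01/Jan/2001:10:01:09 +0000] "GET /++//////protected.html HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2001:10:01:15 +0000] "GET /+./access.txt HTTP/1.0" 200 2210',
]

if __name__ == "__main__":
    for line_no, path, status, reasons in scan(SAMPLE_LOG):
        note = "SERVED" if status == 200 else "blocked"
        print(f"line {line_no}: {path} -> {status} ({note}); " + "; ".join(reasons))
```

A flagged request answered with status 200 and no authenticated user name is the case to review first, since it indicates the protected file was served without a password prompt.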