[11536] in bugtraq


/../ - bug in vqServer for Win

daemon@ATHENA.MIT.EDU (SoulPatrol)
Sat Aug 28 01:36:33 1999

Message-Id:  <004501beef37$52e176a0$dc099fc1@soulpatr>
Date:         Wed, 25 Aug 1999 22:20:46 +0200
Reply-To: SoulPatrol <Soul_Patrol@GMX.NET>
From: SoulPatrol <Soul_Patrol@GMX.NET>
X-To:         Bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

I suppose this hasn't been to Bugtraq until now.
This bug was tested with vqserver - Web server for Win95/98/NT and it works with all versions. It's similar to the ICQ Personal Web Server bug: With "..../" after the URL of a vqServer it's possible to change the directory and to leave the reserved "public" directory. If you know the full path and name of a file on the hd, it's possible to download every file from that host.

CU, SoulPatrol

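One way a web server can refuse the "..../" request described in the post above, as an added example that is not part of the original message and is not vqServer's code. The document root, the function names and the sample request paths are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/srv/public"  # hypothetical document root, assumed for this example


def resolve_request_path(url_path, doc_root=DOC_ROOT):
    """Map a request path to a file under doc_root, or return None to refuse."""
    # Drop the query string, then decode once so "%2e%2e%2e%2e" is seen as "....".
    decoded = unquote(url_path.split("?", 1)[0])
    clean = []
    # Backslash counts as a separator because a Windows host treats it as one.
    for seg in decoded.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        # A segment made only of dots and spaces ("..", "...", "....", ".. ")
        # is refused outright instead of being handed to the file system.
        if seg.strip(". ") == "":
            return None
        # Refuse drive letters and NUL bytes inside a segment.
        if ":" in seg or "\x00" in seg:
            return None
        clean.append(seg)
    candidate = posixpath.normpath(posixpath.join(doc_root, *clean))
    # Final containment check: the result must still be inside the root.
    if candidate != doc_root and not candidate.startswith(doc_root + "/"):
        return None
    return candidate


# Constructed sample request paths (not taken from any real log).
SAMPLES = [
    "/index.html",
    "/docs/v1.2/readme.txt",
    "/..../somefile.txt",
    "/%2e%2e%2e%2e/somefile.txt",
    "/docs/../index.html",
    "/...\\somefile.txt",
]


def check_samples():
    """Return {request path: resolved path or None} for the samples above."""
    return {p: resolve_request_path(p) for p in SAMPLES}


if __name__ == "__main__":
    for path, result in check_samples().items():
        print(f"{path!r:32} -> {result or 'REFUSED'}")
```

The dots-only check runs before normalization because a generic normalizer treats "...." as an ordinary file name and would let it through to the file system.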
