[12366] in bugtraq
URL Live! 1.0 WebServer
daemon@ATHENA.MIT.EDU (UNYUN)
Thu Oct 28 13:22:44 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <381858061D6.B951SHADOWPENGUIN@fox.nightland.net>
Date: Thu, 28 Oct 1999 23:04:54 +0900
Reply-To: UNYUN <shadowpenguin@BACKSECTION.NET>
From: UNYUN <shadowpenguin@BACKSECTION.NET>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Hello
URL Live! 1.0 WebServer for Windows95/98/NT which is released by Pacific
Software Publishing, Inc. (http://www.urllive.com/) also has a "../"
security problem, any users can download any files on the victim host.
example:
http://www.xxx.yy.jp/../../../../config.sys
-----
The Shadow Penguin Security (http://shadowpenguin.backsection.net)
Webmaster / UNYUN (shadowpenguin@backsection.net)
