[19469] in bugtraq
SlimServe HTTPd ver. 1.1a Directory Traversal
daemon@ATHENA.MIT.EDU (se00020@LION.CC)
Sun Mar 4 17:44:51 2001
Message-ID: <20010303093652.7476.qmail@securityfocus.com>
Date: Sat, 3 Mar 2001 09:36:52 -0000
Reply-To: se00020@LION.CC
From: se00020@LION.CC
To: BUGTRAQ@SECURITYFOCUS.COM
It is possible to view directories and (download) files outside of the wwwroot directory.
Exploit:
http://127.0.0.1/.../
http://127.0.0.1/.../.../directory/file.xxx
Solution:
Disable folder listings (it is enabled by default), which will secure you from viewing directories outside of the wwwroot dir. But it is still possible to download or view files when the location is known.
The author has been contacted on 03.March.2001.
No reply has been received yet.
se00020@fhs-hagenberg.ac.at
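
Added example, not part of the original post and not SlimServe code: a server-side check that refuses dot-only path segments such as the `...` in the URLs above, then confirms the resolved path is still inside the wwwroot. The helper name `resolve_request_path`, the temporary wwwroot and the sample requests are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_request_path(wwwroot, url_path):
    """Map a request path to a file under wwwroot, or return None to refuse.

    Hypothetical helper for illustration; not SlimServe code.
    """
    # Decode once so %2e%2e%2e is checked in the same form as "...".
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    # Treat both separators alike: Windows accepts "\" as well as "/".
    clean = []
    for seg in decoded.replace("\\", "/").split("/"):
        if seg == "":
            continue  # leading slash or doubled slashes
        # Refuse segments made only of dots (".", "..", "...", ...) and
        # names with trailing dots or spaces, which Windows strips.
        if seg.strip(".") == "" or seg != seg.rstrip(". "):
            return None
        # Refuse drive letters and alternate data streams.
        if ":" in seg:
            return None
        clean.append(seg)
    root = os.path.realpath(wwwroot)
    candidate = os.path.realpath(os.path.join(root, *clean))
    # Containment check on the resolved path: catches symlinks and
    # anything the segment filter above did not anticipate.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Run constructed sample requests against a temporary wwwroot."""
    with tempfile.TemporaryDirectory() as top:
        root = os.path.join(top, "wwwroot")
        os.makedirs(os.path.join(root, "docs"))
        samples = ["/docs/index.html", "/.../", "/.../.../directory/file.xxx",
                   "/%2e%2e%2e/", "/..\\..\\file.xxx", "/docs/./index.html"]
        # True means the request would be served, False means refused.
        return {s: resolve_request_path(root, s) is not None for s in samples}
```

Because the check applies to every request rather than to the listing feature, it also covers the case the post notes remains open after folder listings are disabled.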