[24609] in bugtraq
Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln
daemon@ATHENA.MIT.EDU (Tekno pHReak)
Mon Mar 11 12:08:31 2002
Date: 10 Mar 2002 04:23:45 -0000
Message-ID: <20020310042345.5422.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Tekno pHReak <tek@superw00t.com>
To: bugtraq@securityfocus.com
Pi3Web/2.0.0 File-Disclosure/Path Disclosure
***************************************************
Vulnerability
*************
Discovered by: Teknophreak of Malloc()
**************************************
Date: March 9 2002
*******************
Contact: tek@superw00t.com
***************************
Pi3Web is a Webserver available for multiple Microsoft Windows platforms.
There are multiple disclosure flaws within the webserver that may assist an attacker in performing more concentrated attacks against the server and also can allow the disclosure of sensitive files on the webserver.
To see the webroot directory just simply cause a 404 error:
http://pi3web-host.com/fake_page
To view files on the web server that are not supposed to be seen, do something like:
http://pi3web-host.com/*.extension
Quick Fix:
-------------
Don't use it or wait for vendor patch.
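A defender-side check for the two behaviours described above, as an added example that is not part of the original advisory: it flags logged requests whose URL path contains a `*` wildcard and finds Windows filesystem paths in an error page body. The Common Log Format lines, the `C:\Pi3Web\WebRoot` path and the function names are constructed assumptions, not Pi3Web output.

```python
import re
from urllib.parse import unquote

# Request and status fields of a Common Log Format line (assumed log format).
CLF = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A Windows absolute path such as C:\dir\sub\file, without spaces.
WIN_PATH = re.compile(r'\b[A-Za-z]:\\(?:[^\\/:*?"<>|\s]+\\)*[^\\/:*?"<>|\s]*')

# Constructed sample data, not captured from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2002:04:23:45 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [10/Mar/2002:04:24:02 +0000] "GET /*.extension HTTP/1.0" 200 512',
    '192.0.2.44 - - [10/Mar/2002:04:24:09 +0000] "GET /%2a.extension HTTP/1.0" 200 512',
    '192.0.2.44 - - [10/Mar/2002:04:24:30 +0000] "GET /fake_page HTTP/1.0" 404 310',
]
SAMPLE_404 = r'<h1>404</h1><p>C:\Pi3Web\WebRoot\fake_page not found</p>'


def wildcard_requests(log_lines):
    """Return (decoded_path, status) for requests whose URL path contains '*'."""
    hits = []
    for line in log_lines:
        m = CLF.search(line)
        if not m:
            continue  # not a request line we can parse
        # Drop the query string, then decode so %2a is caught as well.
        path = unquote(m.group("path").split("?", 1)[0])
        if "*" in path:
            hits.append((path, int(m.group("status"))))
    return hits


def leaked_paths(error_body):
    """Return Windows filesystem paths that appear in an error page body."""
    return WIN_PATH.findall(error_body)


if __name__ == "__main__":
    for path, status in wildcard_requests(SAMPLE_LOG):
        print(f"wildcard request: {path} -> {status}")
    for p in leaked_paths(SAMPLE_404):
        print(f"path disclosed in error page: {p}")
```

A wildcard request answered with status 200 is the case to review first, since it indicates the server expanded the pattern instead of rejecting it.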