<<< Date Index >>>     <<< Thread Index >>>

Miniwebsvr 0.0.6 - Directory traversal



Hello!

Miniwebsvr 0.0.6 suffers from a directory traversal flaw.

"Exploit" :

        http://yoursite/..%00


Attack vector seems limited as you're only able to list one level down.

Cheers,

Daniel Nyström, daniel.nystrom@xxxxxxxxx
Fredrik Wessberg, fredd3@xxxxxxxxxxx