what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

liteserve.2.0.txt

liteserve.2.0.txt
Posted Oct 25, 2002
Authored by Tamer Sahin | Site securityoffice.net

The Liteserve Web Server v2.0 for Windows allows remote attackers to access files in password protected directories by sending a special web request. Tested on Windows 2000 Sp3 and 98SE.

tags | remote, web
systems | windows
SHA-256 | 1ad0b43d131843b5736e0561fcc1a675759e988ac4a519a13fc34d067e8ed50f

liteserve.2.0.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

- --[ Liteserve Web Server v2.0 Authorization Bypass Vulnerability ]--

- --[ Type

File Disclosure

- --[ Release Date

October 24, 2002

- --[ Product / Vendor

LiteServe is a powerful, full-featured Web, EMail and FTP server. This server software
is perfect for personal websites or commercial sites with high traffic demands and
multiple domains. All the services that you need work together efficiently in one
program to provide you with a feature-packed server solution that is easy to setup,
manage, and monitor.

http://www.cmfperception.com

- --[ Summary

It is possible to construct a web request which is capable of accessing the contents
of password protected files/folders on the Liteserve Web Server v2.0. This
vulnerability may only be exploited to access password-protected files in sub-folders
of wwwroot.

http://host/./secret/

- --[ Tested

Windows 2000 Sp3 / Liteserve Web Server v2.0
Windows 98 SE / Liteserve Web Server v2.0

- --[ Vulnerable

Liteserve Web Server v2.0

- --[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any
of the information and/or the software listed on this security advisory.

- --[ Author

Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net

All our advisories can be viewed at http://www.securityoffice.net/articles/

Please send suggestions, updates, and comments to feedback@securityoffice.net

(c) 2002 SecurityOffice

This Security Advisory may be reproduced and distributed, provided that this Security
Advisory is not modified in any way and is attributed to SecurityOffice and provided
that such reproduction and distribution is performed for non-commercial purposes.

Tamer Sahin
http://www.securityoffice.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQEVAwUAPbhAePpL5ibJRTtBAQFM5Qf/Vc+v5/5uJumdzWohzxfzUE7stnz1pYZ9
iyHt5xU7faNLZURJ4I7ZfQdC05d8U4PdApMP2cvTtN+UYJrsaaLrk3MZ0UVSNC3V
J7yDYq6tupMNutbKIP3S0cA5eiEeN5mV2RJC+AibFzD434xi1heB3xl1Usi4zhdN
VEySNLu4/GG4TWfLZTLmxNcwBqKx4JQ4BxEVF2pcjzHqnCxOvHcLo1asQw6+Zrk0
m/TF2+J1Sf5OotvMsynBfd7XZogM5exdfTp+OQEaduntHdW9H6bPrGjwmclC59tt
btJWrMracsUGjp9r+SH1sa4VmWUaikpnNpNDHlrAi/S70C+vLSdFXg==
=89D2
-----END PGP SIGNATURE-----



Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close