A directory traversal bug exists in the QuickFront webserver that allows remote attackers to gain access to system files. Version affected: 1.0.0.189.
===[ HackTrack - Advisory ]================[ Adv. ID: 2003-03-001 ]==
Advisory Information
--------------------
Name : Directory Traversal bug in QuickFront webserver
Vendor Homepage : http://www.quickfront.com
Platforms : Windows
Vulnerability Type : Directory Traversal
Vendor Contacted : 11/03/2003
Vendor Replied : 12/03/2002
Non affected version : Unknown
Vulnerable Versions: 1.0.0.189
+ all servers based on QuickFront webserver source code.
Product Description
-------------------
QuickFront is a webserver written in Delphi. It is easy to use and
powerful.
Bug Description
-------------------
When an attacker sends a request to the server in this form:
http://<quickfront server>/../../../../../boot.ini
the server replies with the boot.ini file.
This bug also works with Unicode characters.
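Added example, not part of the advisory and not QuickFront code: a request-path check of the kind whose absence produces the behaviour described above, written in Python using Windows path rules (ntpath). The document root C:\webroot and the function name resolve are assumptions, as is reading "unicode chars" as percent-encoded or malformed UTF-8 forms of the same path.

```python
import ntpath  # Windows path semantics, importable on any OS
from urllib.parse import unquote_to_bytes

DOCROOT = r"C:\webroot"  # placeholder document root (assumption)


def resolve(request_path, docroot=DOCROOT):
    """Return the file path to serve, or None if the request is refused."""
    raw = request_path.split("?", 1)[0]
    try:
        # Decode percent-escapes once; strict UTF-8 refuses malformed
        # or overlong byte sequences instead of guessing at them.
        path = unquote_to_bytes(raw).decode("utf-8", "strict")
    except UnicodeDecodeError:
        return None
    # A '%' left after one pass means nested encoding; refusing it is
    # conservative (it also refuses names with a literal '%').
    if "%" in path or "\x00" in path:
        return None
    # Treat both separators alike, drop empty and '.' segments.
    parts = [p for p in path.replace("\\", "/").split("/")
             if p not in ("", ".")]
    for part in parts:
        # Refuses '..' and any name ending in dot or space, which
        # Windows path handling may trim; ':' would introduce a drive
        # letter or an alternate data stream.
        if part.rstrip(". ") != part or ":" in part:
            return None
    root = ntpath.normpath(docroot)
    candidate = ntpath.normpath(ntpath.join(root, *parts))
    # Defence in depth: the final path must still sit under the root.
    if ntpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: one ordinary, then the advisory's
    # form and a percent-encoded spelling of it.
    for req in ("/index.html",
                "/../../../../../boot.ini",
                "/%2e%2e/%2e%2e/boot.ini"):
        print(req, "->", resolve(req))
```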
Solution
-------------------
The vendor was contacted on 11/03/2003. The solution is to install the
latest version, 2002.0.02.0916, which has a new structure and technology.
Credits
-------
+---------------------------------+
' Kachlik Jan '
' Security & Network Specialist '
' InterSource Solutions Group '
' Mathonova 25, 613 00 Brno CZ '
' Mail: jkachlik@isgroup.com '
+---------------------------------+