CIS WebServer version 3.5.13 is susceptible to a classic directory traversal attack.
-=[ x0n3-h4ck Italian Security Team ]=-
/*Advisories*\
/*
Application: CIS WebServer
Vendor's Url: www.cisindia.net
Version: 3.5.13
Platforms: Windows
Bug: Directory Traversal
Exploitation: Remote
Author: CorryL
corryl80@gmail.com
www.x0n3-h4ck.org
*\
{Description}
CIS WebServer is an easy HTTP server. A remote user can obtain files on the
system that are located outside of the web document directory.
{Bug}
http://victimhost/../../../windows/repair/sam
A remote user succeeds in reading the SAM file of the system where CIS WebServer
is running.
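The containment check whose absence allows the request above, as an added
example (not code from this advisory or from CIS WebServer). The document
root C:\webroot and the function name resolve_request are assumptions made
for illustration.

```python
import ntpath
from urllib.parse import unquote

DOC_ROOT = r"C:\webroot"  # constructed document root, not CIS WebServer's real path


def resolve_request(url_path, doc_root=DOC_ROOT):
    """Map a request path to a file under doc_root; return None if it escapes."""
    # Drop the query string, then percent-decode exactly once so that
    # %2e%2e%2f is checked in the same form the filesystem will see.
    decoded = unquote(url_path.split("?", 1)[0])
    if "\x00" in decoded:
        return None
    # Windows accepts both / and \ as separators, so treat them alike.
    rel = decoded.replace("/", "\\").lstrip("\\")
    # A drive letter in the request would replace the root in join().
    if ntpath.splitdrive(rel)[0]:
        return None
    root = ntpath.normpath(doc_root)
    # normpath collapses "." and ".." segments lexically.
    candidate = ntpath.normpath(ntpath.join(root, rel))
    # Compare case-insensitively and on a separator boundary, so that
    # C:\webroot-private does not pass as being inside C:\webroot.
    c, r = ntpath.normcase(candidate), ntpath.normcase(root)
    if c != r and not c.startswith(r + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests; the first is the one from {Bug}.
    for req in ("/../../../windows/repair/sam",
                "/%2e%2e/%2e%2e/windows/repair/sam",
                "/..\\..\\windows\\repair\\sam",
                "/index.html"):
        print(f"{req!r:45} -> {resolve_request(req)!r}")
```

The check is lexical only: it does not follow junctions or symbolic links
inside the document root, so a server should also resolve the final path
before opening the file.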
{Vendor Status}
20/02/2005 Vendor notification
21/02/2005 Vendor Response
25/02/2005 No patch release from vendor
25/02/2005 Public disclosure
{Fix}
Waiting for an official patch