===[ HackTrack - Advisory ]================[ Adv. ID: 2003-03-001 ]==

Advisory Information
--------------------
Name                   : Directory Traversal bug in QuickFront webserver
Vendor Homepage        : http://www.quickfront.com
Platforms              : Windows
Vulnerability Type     : Directory Traversal
Vendor Contacted       : 11/03/2003
Vendor Replied         : 12/03/2002
Non affected version   : Uknown

Vulnerable Versions: 1.0.0.189
+ all servers based on QuickFront webserver source code.


Product Description
------------------- 
QuickFront is webserver writen in Delphi. It's easy and powerfull
 for use. 

Bug Description
-------------------

When attacker send request to server in these form:

 http://<quickfront server>/../../../../../boot.ini

server reply boot.ini file.
This bug working with unicode chars too.

Solution
-------------------
Vendor was contacted 11/03/2003. Solutions is install latest version
 2002.0.02.0916 with new structure and technology.


Credits
-------
 +---------------------------------+
 ' Kachlik Jan                     '
 ' Security & Network Specialist   '
 ' InterSource Solutions Group     '
 ' Mathonova 25, 613 00 Brno CZ    '
 ' Mail: jkachlik@isgroup.com      '
 +---------------------------------+