Reported
November 20, 2003, by nimber.
VERSIONS
AFFECTED
Net-X Solutions Ltd’s
NetServe 1.0.7
DESCRIPTION
Two newly discovered vulnerabilities in Net-X
Solutions Ltd’s NetServe 1.0.7 can result in the remote compromise of the
vulnerable system. The first vulnerability is a directory-traversal
vulnerability, and the second vulnerability is a configuration- and
password-disclosure vulnerability.
DEMONSTRATION
Directory Traversal:
The NetServe server doesn’t properly filter " /../../ ", thereby
permitting an attacker to view files that reside below the bounding HTML root
directory.
Example:
Configuration Disclosure:
VENDOR
RESPONSE
CREDIT
Discovered by
nimber.
The discoverer has posted the following scenarios as proof of concept:
You can view either directories http://\[victim\]/../test/, or files
http://\[victim\]/../test/test.txt.
By default, NetServe's configuration files contain a directory below the
wwwroot's. Using the above vulnerabilities, a remote attacker can download the
remote server's configuration by requesting a special URL.
Example:
By requesting http://\[victim\]/../config.dat, an attacker can view the
server's configuration file.
Net-X Solutions Ltd has been notified.
Multiple Vulnerabilities in NetServe Web Server for Windows
0 comments
Hide comments