Bugtraq mailing list archives
Lil' HTTP Server Directory Traversal Vulnerability
From: "Matthew Murphy" <mattmurphy () kc rr com>
Date: Sun, 21 Apr 2002 10:00:32 -0500
Lil' HTTP Server is a Windows HTTP server that supports several features in a relatively compact application. It is vulnerable to a classic (stupid) attack: http://[target]/../../windows/win.ini This link will read WIN.INI on Windows 95/98/Me, and with a slight modification ("winnt" instead of "windows") would do the same on an NT box. Scott Slater, the author of the tool, assured me that "we will look into this and update it very soon". This is encouraging to me, but the ease with which this attack is conducted scares me.
Current thread:
- Lil' HTTP Server Directory Traversal Vulnerability Matthew Murphy (Apr 22)