Bugtraq mailing list archives
Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln
From: Tekno pHReak <tek () superw00t com>
Date: 10 Mar 2002 04:23:45 -0000
Pi3Web/2.0.0 File-Disclosure/Path Disclosure *************************************************** Vulnerability ************* Discovered by: Teknophreak of Malloc() ************************************** Date: March 9 2002 ******************* Contact: tek () superw00t com *************************** Pi3Web is a Webserver available for multiple Microsoft Windows platforms. There are multiple disclosure flaws within the webserver that may assist an attacker in performing more concentrated attacks against the server and also can allow the disclosure of sensitive files on the webserver. To see the webroot directory just simply cause a 404 error: http://pi3web-host.com/fake_page To view files on the web server that you are not supposted to be seen do something like: http://pi3web-host.com/*.extension Quick Fix: ------------- Don't use it or wait for vendor patch.
Current thread:
- Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln Tekno pHReak (Mar 11)