Bugtraq mailing list archives

Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln


From: Tekno pHReak <tek () superw00t com>
Date: 10 Mar 2002 04:23:45 -0000



Pi3Web/2.0.0 File-Disclosure/Path Disclosure Vulnerability
**********************************************************

Discovered by: Teknophreak of Malloc()
**************************************
Date: March 9 2002
*******************
Contact: tek () superw00t com
***************************

Pi3Web is a Webserver available for multiple Microsoft Windows
platforms.


There are multiple disclosure flaws within the webserver that may
assist an attacker in performing more concentrated attacks against
the server and also can allow the disclosure of sensitive files on
the webserver.

To see the webroot directory just simply cause a 404 error:

http://pi3web-host.com/fake_page


To view files on the web server that are not supposed to be seen,
do something like:

http://pi3web-host.com/*.extension




Quick Fix:
-------------

Don't use it or wait for vendor patch.
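
A defender-side check for the two behaviours described above, as an added example that is not part of the original post: it flags access-log requests whose path contains a `*` wildcard and looks for local filesystem paths in a 404 body. The Common Log Format, the sample log lines and the sample error body are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Common Log Format; the server's actual log format is an assumption here.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
# Windows absolute path (drive letter or UNC) as it could appear in an error page.
WIN_PATH = re.compile(r'(?:\b[A-Za-z]:[\\/]|\\\\)[^\s<>"]+')

# Constructed sample data (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2002:04:30:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [10/Mar/2002:04:31:12 +0000] "GET /*.extension HTTP/1.0" 200 512',
    '192.0.2.77 - - [10/Mar/2002:04:31:40 +0000] "GET /docs/%2a.extension?x=1 HTTP/1.0" 200 512',
    '192.0.2.10 - - [10/Mar/2002:04:32:02 +0000] "GET /search?q=a*b HTTP/1.0" 200 88',
]
SAMPLE_404_BODY = r'<html><body>404 Not Found: D:\srv\www\fake_page</body></html>'

def wildcard_requests(lines):
    """Return (ip, decoded_path, status) for requests whose path holds a '*'."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        # Only the path matters; a '*' in the query string is ordinary data.
        path = urlsplit(m["target"]).path
        # Decode up to three times so %2a and %252a are caught as well.
        for _ in range(3):
            decoded = unquote(path)
            if decoded == path:
                break
            path = decoded
        if "*" in path:
            hits.append((m["ip"], path, int(m["status"])))
    return hits

def leaked_paths(error_body):
    """Return local filesystem paths found in an error-page body."""
    return WIN_PATH.findall(error_body)
```

A 200 status on a flagged wildcard request is the case to review first, since it means the server returned content for a path that names no single file.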



