0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

GoAheaad Webserver Source Code Disclosure Vulnerability

Author

Sil3nt_Dre4m

Risk

[

Security Risk Unsored

]

0day-ID

Category

Date add

Platform

=======================================================
GoAheaad Webserver Source Code Disclosure Vulnerability
=======================================================


# Exploit Title: GoAheaad Webserver Source Code Disclosure Vulnerability
# Date: 5-28-10
# Author: Sil3nt_Dre4m
# Software Link:
http://data.goahead.com/Software/Webserver/2.1.8/webs218.zip
# Version: 2.18 and earlier
# Tested on: Windows
# Affects: Windows platform only
# Code : http://ip.address.of.server/forms.asp.
http://ip.address.of.server/forms.asp%20
 
Description of Software: "The GoAhead WebServer is a fast and efficient
standards-based Web server designed for cross-platform support.
While WebServer is designed for embedded devices it is nevertheless a fully
functional web server and its use is not limited to
embedded devices. WebServer's small foot-print and efficient design make it
well suited for a wide range of applications."
-quote from http://www.goahead.com/products/webserver/Default.aspx
 
Problem: Appending a '.' or '%20' to a URL will result in a source code
disclosure of whichever file is requested.
This did not work for files in /cgi-bin/ directory when tested, but seems to
work for other files/directories.
This technique only works on Windows systems, as Windows ignores periods and
spaces after files.
Sadly this software has not been updated since 2003 and remains public
despite known vulnerabilities dating to 2003/2004.



#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

GoAheaad Webserver Source Code Disclosure Vulnerability

Report Error

Report Error