Written by Mountassif Moad
Wednesday, 04 March 2009 21:51
Easy File Sharing Web Server 'thumbnail.php' File Disclosure Vulnerability
-\\Bugtraq ID: 33973
-\\Class: Input Validation Error
-\\CVE:
-\\Remote: Yes
-\\Local: No
-\\Published: Mar 04 2009 12:00AM
-\\Updated: Mar 04 2009 12:00AM
-\\Credit: Mountassif Moad
-\\Vulnerable: EFS Software Easy File Sharing Web Server 4.8
-\\Discussion: Easy File Sharing Web Server is prone to a vulnerability that lets attackers obtain potentially sensitive information because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.
Easy File Sharing Web Server 4.8 is vulnerable; other versions may also be affected.
-\\Exploit(s)/PoC(s): Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/disk_c/thumbnail.ghp?vfolder=../../.././/./../../boot.ini
-\\Solution: Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us.
-\\Reference(s): Easy File Sharing Web Server Homepage http://www.sharing-file.com (File Sharing Software)
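
With no vendor patch listed, requests shaped like the example URI can be flagged from the server's access logs. The following is an added example, not part of the original advisory or the vendor's code: it assumes Common Log Format entries, the sample log lines are constructed, and `escapes_root` and `suspicious_requests` are hypothetical helper names.

```python
import ntpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a Common Log Format entry (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def escapes_root(vfolder):
    """True if vfolder, resolved with Windows path rules, leaves its base folder."""
    for _ in range(3):  # peel repeated percent-encoding such as %252e
        decoded = unquote(vfolder)
        if decoded == vfolder:
            break
        vfolder = decoded
    path = vfolder.replace("/", "\\")
    if path.startswith("\\") or ntpath.splitdrive(path)[0]:
        return True  # rooted, drive-qualified or UNC path
    norm = ntpath.normpath(path)  # collapses "." and "dir\.." segments
    return norm == ".." or norm.startswith("..\\")

def suspicious_requests(log_lines):
    """Return (request target, vfolder value) for thumbnail.ghp traversal attempts."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/thumbnail.ghp"):
            continue
        for value in parse_qs(url.query).get("vfolder", []):
            if escapes_root(value):
                hits.append((match.group(1), value))
    return hits

# Constructed sample log lines (documentation IP range, made-up response sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Mar/2009:21:51:00 +0000] "GET /disk_c/thumbnail.ghp?vfolder=../../.././/./../../boot.ini HTTP/1.1" 200 211',
    '192.0.2.11 - - [04/Mar/2009:21:52:10 +0000] "GET /disk_c/thumbnail.ghp?vfolder=photos/2009 HTTP/1.1" 200 5120',
    '192.0.2.12 - - [04/Mar/2009:21:53:42 +0000] "GET /disk_c/thumbnail.ghp?vfolder=%252e%252e%252fsecret.txt HTTP/1.1" 200 88',
    '192.0.2.13 - - [04/Mar/2009:21:54:05 +0000] "GET /index.htm?vfolder=../x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for target, value in suspicious_requests(SAMPLE_LOG):
        print("traversal in vfolder:", target)
```

The same normalize-then-compare check, applied to the resolved path before a file is opened, is the input validation the advisory says is missing.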