Exploit Microsoft FrontPage Personal Web Server 1.0/4.0 - Directory Traversal

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19753
Проверка EDB
  1. Пройдено
Автор
KIBORG
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-1999-0386
Дата публикации
1996-01-17
Microsoft FrontPage Personal Web Server 1.0/4.0 - Directory Traversal
Код:
source: https://www.securityfocus.com/bid/989/info

Microsoft's Personal Web Server and Front Page Personal Web Server will follow '/..../' strings in requested URLs, allowing remote users to obtain unauthenticated read access to files and directories on the same logical drive as the web content. Hidden files are viewable via this method, although the Front Page directory itself is not. The name and path of the desired file must be known to the attacker.

Note that while these programs support Windows 95, 98 and NT, only the Win9x versions are vulnerable. 

http://target/..../directory/filename.ext
 
Источник
www.exploit-db.com

Похожие темы