source: https://www.securityfocus.com/bid/507/info

The WinGate log service is configured by default to only allow connections from 127.0.0.1, but can be set to allow connections from anywhere. Either way, there is a vulnerability that will allow any file to be read through the log service port over an http connection.

Update (October 16, 2000):

Blue Panda <bluepanda@dwarf.box.sk> has discovered that a variation of the vulnerability exists in recent versions. Using escaped characters, one can achieve the same effect.

There are various ways of exploiting this.

NT and Win9x:
h t t p://www.server.com:8010/c:/
h t t p://www.server.com:8010//

Win9x only:
h t t p://www.server.com:8010/..../
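
Added example (not part of the original advisory): a detection sketch that flags request paths of the shapes listed above in captured traffic to the log service port. The "client METHOD path" line format and the sample lines are constructed, and the escaped variant is assumed to be a percent-encoded form of the same paths, since the advisory does not give it.

```python
import re
from urllib.parse import unquote

# Path shapes taken from the request URLs listed in the advisory.
DRIVE_PATH = re.compile(r"^/+[A-Za-z]:")      # /c:/
DOUBLE_SLASH = re.compile(r"^//")              # //
DOT_RUN = re.compile(r"(^|/)\.{2,}(/|$)")      # /..../ (also plain /../)

def decode_fully(path, max_rounds=5):
    """Percent-decode until stable so nested escaping cannot hide a pattern."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def classify(path):
    """Return the reasons a request path matches the advisory's patterns."""
    norm = decode_fully(path)
    reasons = []
    if DRIVE_PATH.search(norm):
        reasons.append("drive-letter path")
    elif DOUBLE_SLASH.search(norm):
        reasons.append("leading double slash")
    if DOT_RUN.search(norm):
        reasons.append("dot-run segment")
    if reasons and unquote(path) != path:
        reasons.append("percent-escaped")
    return reasons

def scan(lines):
    """Return (client, path, reasons) for each flagged 'client METHOD path' line."""
    hits = []
    for line in lines:
        client, _method, path = line.split()[:3]
        reasons = classify(path)
        if reasons:
            hits.append((client, path, reasons))
    return hits

# Constructed sample lines (hypothetical capture format, not WinGate's own log).
SAMPLE = [
    "192.0.2.10 GET /c:/",
    "192.0.2.10 GET /%2e%2e%2e%2e/",
    "127.0.0.1 GET /",
]
if __name__ == "__main__":
    print(scan(SAMPLE))
```

Any hit from a client other than 127.0.0.1 also shows that the log service has been opened beyond its default binding.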