Abyss Web Server version 1.0.3 shows file and directory content
Overview
Discovered on June 30th, 2002
Vendor: Aprelium
Abyss Web Server 1.0.3 is a free personal web server available for Windows and Linux operating systems. This web server can show file and directory content. Only the Windows version of Abyss is vulnerable.
Details
When the server receives a GET request with more than 256 slashes ("/"), it shows all files in the directory. A hacker can see all hidden (non-HTML-linked) files and directories on the server. This works only on Windows platforms. On the Linux platform, the request is handled and returns a 414 (Request-URI Too Large) error.
Exploit
The exploit is really easy. You can do it with any browser by using this syntax:
http://<Abyss_server>///////////////////////...(more than 256 times)...///
Of course, replace <Abyss_server> with the vulnerable server.
You will get this page:

Solution
The vendor has been informed and has solved the problem.
Download Abyss Web Server 1.0.7.
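An added example, not part of the original advisory: a log check for the request described under Details, reporting whether the server answered with content or with the 414 rejection. It assumes access logs in Common Log Format (the advisory does not describe Abyss's log format) and counts consecutive slashes in the request path; the sample lines are constructed.

```python
import re

# Threshold from the advisory: more than 256 slashes in the GET request.
SLASH_LIMIT = 256

# Assumed Common Log Format: host ident user [time] "METHOD URI PROTO" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)(?: \S+)?" (?P<status>\d{3}) \S+'
)

def longest_slash_run(uri):
    """Length of the longest run of consecutive '/' in the path part of the URI."""
    path = uri.split("?", 1)[0]
    return max((len(run) for run in re.findall(r"/+", path)), default=0)

def scan(lines, limit=SLASH_LIMIT):
    """Return one finding per request whose path has more than `limit` slashes in a row."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parsable access-log line
        run = longest_slash_run(m["uri"])
        if run > limit:
            status = int(m["status"])
            findings.append({
                "host": m["host"],
                "time": m["time"],
                "slashes": run,
                "status": status,
                # 2xx: the server returned content; 414 is the safe rejection.
                "served": 200 <= status < 300,
            })
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '192.0.2.10 - - [30/Jun/2002:10:00:01 +0200] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.66 - - [30/Jun/2002:10:02:17 +0200] "GET ' + "/" * 300 + ' HTTP/1.0" 200 5120',
    '192.0.2.66 - - [30/Jun/2002:10:02:40 +0200] "GET ' + "/" * 300 + ' HTTP/1.0" 414 0',
    '192.0.2.20 - - [30/Jun/2002:10:05:00 +0200] "GET //docs//a.html HTTP/1.0" 200 800',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        verdict = "content served, review for disclosure" if f["served"] else "rejected"
        print(f'{f["time"]} {f["host"]} slashes={f["slashes"]} status={f["status"]} {verdict}')
```

A finding with a 2xx status on a Windows host running 1.0.3 is the case to review; after the upgrade to 1.0.7 the same request pattern is still worth logging.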
Discovered by
Arnaud Jacques aka scrap
webmaster@securiteinfo.com

