Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Essentia Web Server Directory Traversal Vulnerability

Essentia Web Server Directory Traversal Vulnerability

by Nikola Strahija on February 23rd, 2002 Adding the string "/../" to an URL allows an attacker to view and download any file on the server. Tested: Windows 2000 / Essentia Web Server 2.1


Product / Vendor:

The Essentia Web Server provides Enhanced Web Application and
Communication Services. Whether you are setting up a simple Web Site
on your Corporate Intranet or creating large sites for the Internet,
Essentia provides a simple and flexible way to make an even stronger
Web and Applications Platform.

http://www.essencomp.com/

Summary:

Adding the string "/../" to an URL allows an attacker to view and
download any file on the server.

http://host/../../

Tested:

Windows 2000 / Essentia Web Server 2.1

Vulnerable:

Essentia Webserver 2.1 (And may be other.)

Disclaimer:

http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author:

Tamer Sahin
[email protected]
http://www.securityoffice.net


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »