Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Web root exposure in HSWeb Webserver

Web root exposure in HSWeb Webserver

by Phiber on February 5th, 2001 HSWeb v2.0 is a webserver available here and here. Any remote user can discover the physical path of the web root if directory browsing is enabled.


Details



If directory browsing is enabled, then going to the following URL:



http://localhost/cgi/



will cause HSWeb to respond with:



Directory listing of d:hsWWWRootcgi



Type File Name Size Last Modified



[DIR] Parent Directory - Sun. 28 Jan 2001 10:38:08 GMT







Solution



- Turn off directory browsing.







Vendor Status



The author of the program, Jeff Heaton, was notified via
on Sunday, January 28, 2001. No reply was received.



- Contributed by Joe Testa by a mailing list


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »