Users login

Create an account »


Users login

Home » Hacking News » Web root exposure in HSWeb Webserver

Web root exposure in HSWeb Webserver

by Phiber on February 5th, 2001 HSWeb v2.0 is a webserver available here and here. Any remote user can discover the physical path of the web root if directory browsing is enabled.


If directory browsing is enabled, then going to the following URL:


will cause HSWeb to respond with:

Directory listing of d:hsWWWRootcgi

Type File Name Size Last Modified

[DIR] Parent Directory - Sun. 28 Jan 2001 10:38:08 GMT


- Turn off directory browsing.

Vendor Status

The author of the program, Jeff Heaton, was notified via
on Sunday, January 28, 2001. No reply was received.

- Contributed by Joe Testa by a mailing list

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »