logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

Directory Traversal bug in QuickFront webserver
Date: 2003-04-21

Author : Kachlik Jan <jkachlik@isgroup.com>

Advisory Information
--------------------
Name : Directory Traversal bug in QuickFront webserver
Vendor Homepage : http://www.quickfront.com
Platforms : Windows
Vulnerability Type : Directory Traversal
Vendor Contacted : 11/03/2003
Vendor Replied : 12/03/2003
Non affected version : Uknown

Vulnerable Versions: 1.0.0.189
+ all servers based on QuickFront webserver source code.


Product Description
-------------------
QuickFront is webserver writen in Delphi. It's easy and powerfull
for use.

Bug Description
-------------------

When attacker send request to server in these form:

http://<quickfront server>/../../../../../boot.ini

server reply boot.ini file.
This bug working with unicode chars too.

Solution
-------------------
Vendor was contacted 11/03/2003. Solutions is install latest version
2002.0.02.0916 with new structure and technology.


Credits
-------
+---------------------------------+
' Kachlik Jan '
' Security & Network Specialist '
' InterSource Solutions Group '
' Mathonova 25, 613 00 Brno CZ '
' Mail: jkachlik@isgroup.com '
+---------------------------------+



 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy