Pi3Web/2.0.0 File-Disclosure/Path Disclosure Vulnerability
**********************************************************
Discovered by: Teknophreak of Malloc()
**************************************
Date: March 9 2002
*******************
Contact: tek@superw00t.com
***************************

Pi3Web is a webserver available for multiple Microsoft Windows platforms.
There are multiple disclosure flaws within the webserver that may assist an
attacker in performing more concentrated attacks against the server and can
also allow the disclosure of sensitive files on the webserver.

To see the webroot directory, simply cause a 404 error:

http://pi3web-host.com/fake_page

To view files on the web server that you are not supposed to see, request
something like:

http://pi3web-host.com/*.extension

Quick Fix:
-------------
Don't use it or wait for vendor patch.
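
A defender-side check for the two behaviours described above, as an added example that is not part of the original advisory. It flags access-log requests whose path component contains a wildcard and scans an error-page body for Windows filesystem paths. The function names, the Common Log Format lines and the error body are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Drive-letter path in a response body; the lookbehind skips "http://".
WIN_PATH = re.compile(r'(?<![A-Za-z0-9])[A-Za-z]:[\\/][^\s"<>|*?]+')
# Common Log Format: client, request method, request target, status.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')


def leaked_paths(body):
    """Return filesystem-looking paths found in an error page body."""
    return WIN_PATH.findall(body)


def wildcard_requests(log_lines):
    """Return (client, target, status) for requests with * or ? in the path.

    Only the path component is inspected, after percent-decoding, so an
    encoded %2A is caught and a wildcard inside the query string is not.
    """
    hits = []
    for line in log_lines:
        m = CLF.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        path = unquote(urlsplit(target).path)
        if "*" in path or "?" in path:
            hits.append((client, target, int(status)))
    return hits


# Constructed sample data (not captured from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Mar/2002:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [09/Mar/2002:10:00:05 +0000] "GET /*.extension HTTP/1.0" 200 2048',
    '192.0.2.11 - - [09/Mar/2002:10:00:09 +0000] "GET /%2A.extension HTTP/1.0" 200 2048',
    '192.0.2.12 - - [09/Mar/2002:10:00:12 +0000] "GET /search?q=a*b HTTP/1.0" 200 100',
]
SAMPLE_404 = ('Not Found: C:\\srv\\webroot\\fake_page was not found. '
              'See http://example.test/help')

if __name__ == "__main__":
    for hit in wildcard_requests(SAMPLE_LOG):
        print("wildcard in path:", hit)
    print("paths in 404 body:", leaked_paths(SAMPLE_404))
```

A wildcard request answered with status 200 is the case worth alerting on; a 404 body that returns any match from `leaked_paths` indicates the error page should be replaced with one that omits the local path.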