From: se00020LION.CC
Date: Sat Mar 03 2001 - 03:36:52 CST


    It is possible to view dir. and (download) files outside
    of the wwwroot directory.

    Exploit:
    http://127.0.0.1/.../
    http://127.0.0.1/.../.../directory/file.xxx

    Solution:

    Disable folder listings (it is enabled by default), which
    will secure you from viewing dir. outside of the wwwroot dir.
    But it is still possible to download or view files when the
    location is known.

    The author has been contacted on 03.March.2001.
    No reply was received yet.

    se00020fhs-hagenberg.ac.at
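
A server-side check that refuses the `/.../` style requests shown in the post, as an added example that is not part of the original message or of the affected product's code. The names `resolve_under_root` and `TraversalError` are hypothetical, and the rule of rejecting every dot-only segment is an assumption chosen to cover `...` as well as `..`.

```python
import os
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a request path would leave the document root."""


def resolve_under_root(root, url_path):
    """Map a URL path to a file path under root, or raise TraversalError."""
    decoded = unquote(url_path)  # decode once, e.g. %2e%2e%2e -> ...
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Treat both separators alike so "..\\..." is split the same as "../...".
    segments = decoded.replace("\\", "/").split("/")
    clean = []
    for seg in segments:
        if seg in ("", "."):
            continue
        # Reject "..", "...", "...." and so on (also with trailing spaces),
        # plus drive or stream specifiers: no dot-only name is trusted.
        if seg.strip(". ") == "" or ":" in seg:
            raise TraversalError("rejected segment: %r" % seg)
        clean.append(seg)
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, *clean))
    # Second line of defence: the resolved path must stay inside the root
    # (catches symlinks and anything the segment filter missed).
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise TraversalError("resolved outside root")
    return candidate
```

Running the containment check on every file request, not only on directory listings, covers the case the post notes where a file can still be fetched once its location is known.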