MiniWeb Directory Traversal and Arbitrary File Upload Vulnerabilities
BID:58946
Info
MiniWeb Directory Traversal and Arbitrary File Upload Vulnerabilities
| Bugtraq ID: | 58946 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 09 2013 12:00AM |
| Updated: | Aug 16 2013 06:46AM |
| Credit: | Akastep |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
MiniWeb Directory Traversal and Arbitrary File Upload Vulnerabilities
MiniWeb is prone to a directory-traversal vulnerability and an arbitrary file-upload vulnerability.
An attacker can exploit these issues to obtain sensitive information, perform spoofing, upload and overwrite arbitrary files, and run it in the context of the web server process.
MiniWeb build 300 is vulnerable; other versions may also be affected.
MiniWeb is prone to a directory-traversal vulnerability and an arbitrary file-upload vulnerability.
An attacker can exploit these issues to obtain sensitive information, perform spoofing, upload and overwrite arbitrary files, and run it in the context of the web server process.
MiniWeb build 300 is vulnerable; other versions may also be affected.
Exploit / POC
MiniWeb Directory Traversal and Arbitrary File Upload Vulnerabilities
An attacker can exploit these issues with a browser.
The following proof of concept and exploits are available:
An attacker can exploit these issues with a browser.
The following proof of concept and exploits are available:
Solution / Fix
MiniWeb Directory Traversal and Arbitrary File Upload Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
MiniWeb Directory Traversal and Arbitrary File Upload Vulnerabilities
References:
References: