TUCoPS :: Web :: Servers :: vqservr1.htm

VqServer directory traversal problem 
Vulnerability

    vqServer

Affected

    Win32

Description

    'SoulPatrol' found following.   This bug was tested  with vqserver
    - Web server for Win95/98/NT and it works with all versions.  It's
    similar to the ICQ Personal Web Server bug: With "..../" after the
    URL of  a vqServer  it's possible  to change  the directory and to
    leave the reserved "public" directory.  If you know the full  path
    and name of a file on the hd, it's possible to download every file
    from that host.

Solution

    Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH