Multiple Vulnerabilities in Aldos Webserver
==========================================

Aldo's Web Server is a super-compact web service daemon that not only lets you share your files easily, it also acts as an advertisement or site blocker.

Version:
========
1.5 on Windows Platform

Vulnerabilities:
================
1) Physical Path Disclosure
Connecting to Aweb via Telnet/Netcat and entering any character produces output similar to this:
"Oliver_karow||D:\webserverMAI\aweb\"
where oliver_karow is the user that runs the webserver process.
2) Directory Traversal
Connecting to Aweb via Telnet/Netcat and requesting a file like "GET /../../../boot.ini HTTP/1.0" enables an attacker to access files outside of the webroot folder.
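
The following is an added example, not part of the original advisory and not Aldo's Web Server code: a sketch of the request handling a static file server needs to avoid both issues above. The names resolve and WEBROOT and the web root path are assumptions made for illustration; the check also covers backslash, percent-encoded and drive-letter forms, which goes beyond the single request shown in the advisory.

```python
import ntpath                      # Windows path rules, usable on any OS
from urllib.parse import unquote

WEBROOT = r"D:\webroot"            # assumed web root (constructed for this example)


def resolve(request_line, webroot=WEBROOT):
    """Map one HTTP request line to (status, absolute_path_or_None)."""
    parts = request_line.strip().split(" ")
    # Issue 1: malformed input (for example a single character) gets a fixed
    # 400 result. Nothing about the process user or install path is returned.
    if len(parts) != 3 or parts[0] != "GET" or not parts[2].startswith("HTTP/"):
        return 400, None

    # Decode once, drop the query string, refuse NUL bytes and relative targets.
    target = unquote(parts[1].split("?", 1)[0])
    if not target.startswith("/") or "\x00" in target:
        return 400, None

    # Windows accepts both separators, so normalise before joining.
    rel = target.replace("/", "\\").lstrip("\\")
    # A drive letter or stream marker would let join() discard the web root.
    if ntpath.splitdrive(rel)[0] or ":" in rel:
        return 403, None

    # Issue 2: collapse "." and ".." lexically, then require that the result
    # is still the web root or a path below it. This does not resolve
    # junctions or symlinks; a real server should also check the opened file.
    root = ntpath.normpath(webroot)
    full = ntpath.normpath(ntpath.join(root, rel))
    inside = full.lower() == root.lower() or \
        full.lower().startswith(root.lower() + "\\")
    if not inside:
        return 403, None
    return 200, full


if __name__ == "__main__":
    # Constructed sample request lines, including the one from the advisory.
    for line in ("x",
                 "GET /docs/index.html HTTP/1.0",
                 "GET /../../../boot.ini HTTP/1.0"):
        print(repr(line), "->", resolve(line))
```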

Vendor:
=======
www.aldostools.com