qcred11
QUOTE


Release Date:
June 30, 2004

Severity:
Medium

Systems Affected:
Microsoft Windows NT 4.0 (all versions)
Microsoft Windows 2000 (SP3 and earlier)
Microsoft Windows XP (all versions)
Windows 9x


Description:
Easy Chat Server is an easy, fast and affordable way to host and manage your own real-time communication software. It allows friends/colleagues to chat with you through a Web Browser (IE, Netscape, Opera etc.) on any computer (Windows, Linux, Solaris...) without any special plug-ins or software. It can help you set up your community chat rooms, collaborative work sessions or online meetings.

A simple directory traversal problem has been identified in Easy Chat Server 1.2 that may allow a remote user to read files outside the WWW directory.

Example: /../../boot.ini


Workaround:
Use another product.

Pr00f of concept code:
sorry, nothing at the moment but some pr00f of concept exploit may emerge soon.

Credit:
Dr_insane
Http://members.lycos.co.uk/r34ct/
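
The path check whose absence the advisory above describes, as an added example that is not part of the original post and is not Easy Chat Server's code: a naive resolver lets the advisory's `/../../boot.ini` leave the web root, while the hardened one refuses it. The document root `C:\EasyChat\www` and the function names are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS
from urllib.parse import unquote

# Assumed document root; the advisory does not give the real install path.
WEB_ROOT = r"C:\EasyChat\www"

def naive_resolve(request_path, root=WEB_ROOT):
    """Vulnerable pattern: append the request path to the root unchecked."""
    return ntpath.normpath(root + request_path)

def safe_resolve(request_path, root=WEB_ROOT):
    """Map a request path to a file under root; return None if refused."""
    decoded = unquote(request_path)  # decode %2e, %5c and friends once
    if "\x00" in decoded:
        return None
    # Windows file APIs accept both separators, so split on both.
    parts = [p for p in decoded.replace("\\", "/").split("/")
             if p not in ("", ".")]
    for part in parts:
        # ".." climbs a level; ":" introduces a drive letter or alternate
        # data stream; Win32 strips trailing dots and spaces from names.
        if part == ".." or ":" in part or part != part.rstrip(". "):
            return None
    candidate = ntpath.normpath(ntpath.join(root, *parts))
    # Defence in depth: the normalised result must still sit under root.
    if ntpath.commonpath([root, candidate]) != root:
        return None
    return candidate

# Constructed sample requests; the first is the advisory's own example.
SAMPLES = [
    "/../../boot.ini",
    "/%2e%2e/%2e%2e/boot.ini",
    "/..\\..\\boot.ini",
    "/C:/boot.ini",
    "/chat/index.htm",
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(f"{req!r:28} naive={naive_resolve(req)!r:34} "
              f"safe={safe_resolve(req)!r}")
```

On a live server the containment check should also run on the path after symbolic links and junctions are resolved (for example with `os.path.realpath`).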

DJVandal
Thanks for sharing this info with us. I love these directory traversals! I think there are quite a few of them out there. I have probably 50 in my collection, but I am sure there are many more out there.