LiteWEB Web Server 2.5 - Authentication Bypass
| EKU-ID: 31123 | CVE: | OSVDB-ID: |
| Author: Ziv Kamir | Published: 2005-06-03 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 31123 | CVE: | OSVDB-ID: |
| Author: Ziv Kamir | Published: 2005-06-03 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/13850/info LiteWeb Server is prone to a vulnerability that may let remote attackers bypass authentication. The specific issue is inadequate sanitization of user-supplied requests. In particular, there is an error in the handling of slash characters '/\' that will allow remote users to access protected files. http://www.example.com/\admin\/login.html http://www.example.com//admin//login.html