IT Pro Today is part of the Informa Tech Division of Informa PLC

INFORMA PLC|ABOUT US|INVESTOR RELATIONS|TALENT

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Documents Online Events Advertise About

Newsletter Sign-Up

Cloud

Recent in Cloud

SEE ALL Cloud

Veeam homepage

Cloud Computing

Veeam Develops Backup Plan for VMware Alternatives Veeam Develops Backup Plan for VMware Alternatives

byDave Raffo, Channel Futures

Jul 3, 2024

3 Min Read

healthcare administrator transferring patient data via cloud computing applications

Cloud Computing

5 Best Practices for Achieving Healthcare Cloud Compliance 5 Best Practices for Achieving Healthcare Cloud Compliance

byChristopher Tozzi

Jul 1, 2024

4 Min Read

Recent in OS

See All OS

abstract string backgroud

PowerShell

Advanced String Manipulation Techniques in PowerShell Advanced String Manipulation Techniques in PowerShell

byBrien Posey

Jun 28, 2024

3 Min Read

pins with words zero trust on a cybernetic board

Linux OS

How To Implement Zero-Trust Security in Linux Environments How To Implement Zero-Trust Security in Linux Environments

byGrant Knoetze

Jun 26, 2024

8 Min Read

IT Mgmt

Recent in IT Mgmt

See All IT Mgmt

person pressing an "IT" button

IT Management

Well-Intentioned Things IT Leaders Do That Hurt Team Productivity Well-Intentioned Things IT Leaders Do That Hurt Team Productivity

byInformationWeek

Jul 1, 2024

2 Min Read

two workers collaborating on computers

IT Operations

Duplicate Tech: A Bottom-Line Issue Worth Resolving Duplicate Tech: A Bottom-Line Issue Worth Resolving

byIndustry Perspectives

Jul 1, 2024

5 Min Read

Career

Recent in Career

See All Career Mgmt

robot and human fingers touching

Career Management

Employees Beginning to See Benefits of AI Autonomy in the Workplace Employees Beginning to See Benefits of AI Autonomy in the Workplace

byNathan Eddy

Jul 3, 2024

4 Min Read

person pressing an "IT" button

IT Management

Well-Intentioned Things IT Leaders Do That Hurt Team Productivity Well-Intentioned Things IT Leaders Do That Hurt Team Productivity

byInformationWeek

Jul 1, 2024

2 Min Read

Storage

Recent in Storage

See All Data Storage

data floating

IT Operations

How IT Operations Can Play a Critical Role in Data Management How IT Operations Can Play a Critical Role in Data Management

byChristopher Tozzi

Jun 21, 2024

4 Min Read

virtual data stack

Data Storage

How to Build a Data Stack That Actually Puts You in Charge of Your Data How to Build a Data Stack That Actually Puts You in Charge of Your Data

byIndustry Perspectives

Jun 14, 2024

8 Min Read

Security

Recent in Security

See All IT Security

elementary students in classroom raising hands

Vulnerabilities & Threats

What Cybersecurity Defense Looks Like for School Districts What Cybersecurity Defense Looks Like for School Districts

byDark Reading

Jul 2, 2024

4 Min Read

artwork shows seven eyeballs emerging from a mess of wires

Data Privacy

Why Windows Recall Creates a Data Privacy Nightmare Why Windows Recall Creates a Data Privacy Nightmare

byBrien Posey

Jul 2, 2024

3 Min Read

Dev

Recent in Dev

See All Software Dev

2 programmers looking at 2 screens of code

No Code/Low Code

Future-Proofing Development with Low-Code/No-Code Solutions in the Age of AI Future-Proofing Development with Low-Code/No-Code Solutions in the Age of AI

byIndustry Perspectives

Jul 3, 2024

5 Min Read

cloud-native

Cloud Native

How Cloud-Native Development Benefits SaaS How Cloud-Native Development Benefits SaaS

byForrester Blog Network

Jun 28, 2024

3 Min Read

Recent in DX

See All Digital Transformation

the logo of Apple is displayed on a mobile phone screen with artificial intelligence written in the background

AI & Machine Learning

Apple Offers Free AI Training for Developer Academy Students Apple Offers Free AI Training for Developer Academy Students

byBen Wodecki, AI Business

Jul 1, 2024

1 Min Read

ChatGPT login screen seen on smartphone and laptop displays.

AI & Machine Learning

OpenAI Releases CriticGPT to Catch Chatbot Hallucinations – Is It Enough?OpenAI Releases CriticGPT to Catch Chatbot Hallucinations – Is It Enough?

byDayneé Alejandra Rosales

Jul 1, 2024

2 Min Read

Infrastructure

Information Disclosure Vulnerability in Minihttpserver File Sharing for Net for Windows

A directory-traversal vulnerability in Minihttpserver File Sharing for net 1.5 can permit an attacker read access to any file outside the intended Web-published file system directory.

Ken Pfeil

October 5, 2003

2 Min Read

Reported October 3, 2003 by Bahaa Naamneh.

VERSIONS AFFECTED

Minihttpserver File Sharing for net 1.5

DESCRIPTION

A directory-traversal vulnerability in Minihttpserver File Sharing for net 1.5 can permit an attacker read access to any file outside the intended Web-published file system directory. The attacker can exploit the vulnerability by using the '../' or '..' string in a URL.

DEMONSTRATION

The discoverer posted the following demonstration as proof of concept:

Examples:

---------

http://127.0.0.1/../../../ Program Files/FileSharing for NET/User.ini

http://127.0.0.1/../../../windows/win.ini

VENDOR RESPONSE

Minihttpserver.net has been notified and will release a patch for this vulnerability.

CREDIT

Discovered byBahaa Naamneh.

About the Author(s)

Ken Pfeil

See more from Ken Pfeil

Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

Newsletter Sign-Up

Editor's Choice

cloud-native

Cloud Native

How Cloud-Native Development Benefits SaaS How Cloud-Native Development Benefits SaaS

byForrester Blog Network

Jun 28, 2024

3 Min Read

abstract string backgroud

PowerShell

Advanced String Manipulation Techniques in PowerShell Advanced String Manipulation Techniques in PowerShell

byBrien Posey

Jun 28, 2024

3 Min Read

business person stamping a document

IT Operations

How to Get Executive Buy-In for IT Projects How to Get Executive Buy-In for IT Projects

byChristopher Tozzi

May 28, 2024

6 Min Read

Related Topics

Recent in Cloud

Related Topics

Recent in OS

Related Topics

Recent in IT Mgmt

Related Topics

Recent in Career

Related Topics

Recent in Storage

Related Topics

Recent in Security

Related Topics

Recent in Dev

Related Topics

Recent in DX

Related Topics

Related Topics

Information Disclosure Vulnerability in Minihttpserver File Sharing for Net for Windows

About the Author(s)

Editor's Choice