LilHTTP Web Server Protected File Access Vulnerability

Type

File Disclosure

Release Date

February 21, 2002

Product / Vendor

LilHTTP Web Server is a very small yet powerful web server. It weighs in at just under 120k as a stand-alone EXE file. It features security, Server Side Includes and CGI support. LilHTTP is very easy to configure and set up.

http://www.summitcn.com

Summary

It is possible to construct a web request that accesses the contents of password-protected files and folders on the web server:

http://host/./protectedfolder/protectedfile.htm
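A server-side check that resists this request form, as an added example that is not code from the advisory or the vendor. It assumes (the advisory does not state the root cause) that the protection check compares the raw request path against the protected-folder list while the file lookup resolves "./" away; the function names and the PROTECTED list are hypothetical.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical protected-folder list; the folder name is the one in the advisory's sample URL.
PROTECTED = ("/protectedfolder",)


def _matches(path: str) -> bool:
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)


def naive_requires_auth(raw_target: str) -> bool:
    """Assumed flawed check: compares the request target exactly as received."""
    return _matches(raw_target)


def canonical_path(raw_target: str) -> str:
    """Reduce a request target to the path the file lookup will resolve."""
    path = raw_target.split("?", 1)[0].split("#", 1)[0]
    # Decode once, as the server would, and treat backslashes as separators (Windows).
    path = unquote(path).replace("\\", "/")
    # normpath collapses "." segments, ".." segments and repeated slashes.
    path = posixpath.normpath("/" + path.lstrip("/"))
    # Windows file names are case-insensitive, so compare in one case.
    return path.lower()


def requires_auth(raw_target: str) -> bool:
    """Hardened check: authorize on the canonical path, not the raw one."""
    return _matches(canonical_path(raw_target))


def bypass_candidates(targets):
    """Targets the raw check lets through although they resolve into a protected folder."""
    return [t for t in targets if not naive_requires_auth(t) and requires_auth(t)]


# Constructed sample request targets (not captured traffic).
SAMPLE = [
    "/index.htm",
    "/protectedfolder/protectedfile.htm",
    "/./protectedfolder/protectedfile.htm",  # request form given in the advisory
]

if __name__ == "__main__":
    for target in SAMPLE:
        print(target, naive_requires_auth(target), requires_auth(target))
    print("flag for review:", bypass_candidates(SAMPLE))
```

The same comparison can be run over access-log request targets to find past requests that reached protected content without the raw path matching a protected folder.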

Tested

Windows 2000 / LilHTTP Server 2.1

Vulnerable

LilHTTP Server 2.1 (and possibly other versions)

Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author

Tamer Sahin
ts(at)securityoffice.net
http://www.securityoffice.net