CVE-2002-1079

Abyss Web Server 1.0.3 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1079. PoCs published by Auriemma Luigi.

AI-analyzed exploit summary This is a writeup describing a directory traversal vulnerability in Abyss Web Server. The vulnerability allows an attacker to escape the web root and access arbitrary system files by using URL-encoded sequences like '%5c' (backslash) and '%2e%2e' (dot-dot).

Description

Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Auriemma Luigi · textremotewindows

https://www.exploit-db.com/exploits/21735

View Code ZIP pw:eip

This is a writeup describing a directory traversal vulnerability in Abyss Web Server. The vulnerability allows an attacker to escape the web root and access arbitrary system files by using URL-encoded sequences like '%5c' (backslash) and '%2e%2e' (dot-dot).

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Abyss Web Server

No auth needed

Prerequisites: Network access to the vulnerable web server

MITRE ATT&CK