CVE-2004-2628

thttpd 2.07 beta 0.4 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2628. PoCs published by CoolICE.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in thttpd 2.07 beta 0.4 on Windows, allowing attackers to access arbitrary files via malformed URLs. No functional code is provided, only example URLs demonstrating the issue.

Description

Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:").

Exploits (1)

exploitdb WRITEUP VERIFIED

by CoolICE · textremotewindows

https://www.exploit-db.com/exploits/24350

View Code ZIP pw:eip

The exploit describes a directory traversal vulnerability in thttpd 2.07 beta 0.4 on Windows, allowing attackers to access arbitrary files via malformed URLs. No functional code is provided, only example URLs demonstrating the issue.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: thttpd 2.07 beta 0.4 (Windows)

No auth needed

Prerequisites: thttpd 2.07 beta 0.4 running on Windows · network access to the server

MITRE ATT&CK