CVE-2007-0919

Nickolas Grigoriadis MiniWebsvr 0.0.6 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-0919. PoCs published by gbr, shinnai.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in MiniWebSvr 0.0.9a by sending a crafted HTTP GET request to retrieve the boot.ini file. It establishes a socket connection to the target server and sends the malicious request to leak sensitive system files.

Description

Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.

Exploits (2)

exploitdb WORKING POC VERIFIED

by gbr · pythonremotewindows

https://www.exploit-db.com/exploits/5212

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in MiniWebSvr 0.0.9a by sending a crafted HTTP GET request to retrieve the boot.ini file. It establishes a socket connection to the target server and sends the malicious request to leak sensitive system files.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: MiniWebSvr 0.0.9a

No auth needed

Prerequisites: Network access to the target server · MiniWebSvr 0.0.9a running on the target

MITRE ATT&CK

T1005 - Data from Local System T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotemultiple

https://www.exploit-db.com/exploits/3708