Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   KF Web Server Vendors:   KeyFocus Ltd.
KF Web Server Discloses Directory Listings for All Web Directory Contents to Remote Users
SecurityTracker Alert ID:  1004723
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 8 2002
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 1.0.2
Description: reported an information disclosure vulnerability in the KF Web Server from KeyFocus. A remote user can supply a specially crafted URL to obtain directory listings of all files in the web directory structure.

It is reported that a remote user can supply a URL with a '%00' string after a directory name to see a listing of all files within that directory. Some demonstration exploit URLs are provided:

http://server_name/subdir/%00 credits Arnaud Jacques aka scrap with discovering this flaw.

Impact:   A remote user can view full directory listings for any directory in the web document directories.
Solution:   The vendor has issued a fixed version (1.0.3), available at:

Vendor URL: (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Windows (Me), Windows (98), Windows (2000), Windows (XP)

Message History:   None.

 Source Message Contents

Subject:  [VulnWatch] KF Web Server version 1.0.2 shows file and directory content

KF Web Server version 1.0.2 shows file and directory content

.oO  Overview Oo.
KF Web Server version 1.0.2 shows file and directory content
Discovered on 2002, July, 2nd
Vendor: KeyFocus (

KF Web Server 1.0.2 is a free personal web server available for Windows 
98,ME,2000,XP. This web server can shows file and directory content.

.oO  Details Oo.
If the requested URL contains a %00 after a directory name, then the server 
shows all files in the directory content. 
A hacker can see all hidden (non-HTML linked) files and directories on the 

.oO  Exploit Oo.
The exploit is really easy. You can do it with any browser
Examples :
http://server_name/index.html : Normal use.
http://server_name/%00 : You get the vulnerability.
http://server_name/index.html%00 : Is *not* vulnerable.
http://server_name/%00index.html : You get the vulnerability. In fact 
everything after %00 is ignored.
http://server_name/subdir/%00 : You get the vulnerability.

.oO  Solution Oo.
The vendor has been informed and has solved the problem.
Upgrade to KF Web Server version 1.0.3 

.oO  Discovered by Oo.
Arnaud Jacques aka scrap


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC