https://www.exploit-db.com/exploits/20793
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200106-122

RobTexVikingWeb服务器1.07-381之前版本存在目录遍历漏洞。远程攻击者可以借助HTTPURL请求中的…(修改过的点点)读取任意文件。

source: http://www.securityfocus.com/bid/2643/info

The Viking Server is a freely available software package maintained and distributed by Robtex. The Viking Server provides multiple protocol service on Windows 95, 98, and NT systems.

A problem in the software package could make it possible for remote users to gain access to sensitive system files. Due to the improper handling of relative paths by the HTTP serving portion of the Viking Server, a user requesting a relative path such as "..." can gain access to the root directory, breaking out of the webroot.

This problem makes it possible for remote user to gain access to sensitive system files, and potentially local access. 

http://vulnerable.system/...

来源:BID
名称:2643
链接:http://www.securityfocus.com/bid/2643
来源:BUGTRAQ
名称:20010423VulnerabilityinVikingWebServer
链接:http://www.securityfocus.com/archive/1/178935
来源:www.robtex.com
链接:http://www.robtex.com/files/viking/beta/chglog.txt
来源:XF
名称:viking-dot-directory-traversal(6450)
链接:http://xforce.iss.net/static/6450.php