Exploit Business Objects Crystal Reports 9/10 Web Form Viewer - Directory Traversal

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
24077
Проверка EDB
  1. Пройдено
Автор
IMPERVA APPLICATION DEFENSE CENTER
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2004-0204
Дата публикации
2004-05-03
Код:
source: https://www.securityfocus.com/bid/10260/info

Crystal Reports and Crystal Enterprise Web Form Viewer is prone to a directory traversal vulnerability. This issue can allow an attacker to retrieve and delete files, allowing for information disclosure and denial of service attacks.

An attacker can exploit this issue by sending directory traversal sequences and requesting a file through a vulnerable parameter of one of the affected modules. 

Microsoft Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, and Business Solutions CRM 1.2 are also vulnerable to this issue as Microsoft re-distributes Crystal Reports.

http://www.example.com/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=..\..\..\..\..\mydocuments\private\passwords.txt
 
Источник
www.exploit-db.com

Похожие темы