- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 19644
- Проверка EDB
-
- Пройдено
- Автор
- USSR LABS
- Тип уязвимости
- REMOTE
- Платформа
- MULTIPLE
- CVE
- cve-1999-0842
- Дата публикации
- 1999-11-29
symantec mail-gear 1.0 - Directory Traversal
Код:
source: https://www.securityfocus.com/bid/827/info
Mail-Gear, a multi-purpose filtering email server, includes a webserver for remote administration and email retrieval. This webserver is vulnerable to the '../' directory traversal attack. By including the string '../' in the URL, remote attackers can gain read access to all files on the filesystem that the server has read access to.
http: //target.host:8003/Display?what=../../../../../autoexec.bat
will display the server's autoexec.bat in a default NT installation.- Источник
- www.exploit-db.com
