Bugtraq mailing list archives
Broker 5.9.5.0 Directory Traversal
From: ByteRage <byterage () yahoo com>
Date: Sun, 1 Jul 2001 09:11:42 -0700 (PDT)
Broker 5.9.5.0 Directory Traversal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AFFECTED SYSTEMS
Broker 5.9.5.0

DESCRIPTION
Broker has the same *.lnk upload vulnerability as the one I recently found in WFTPD, with: PUT \local.lnk remote.lnk. We can create our own link; this way, we can traverse the home directory. It's even easier than the WFTPD bug, because we can point our *.lnk file to a directory, then we can just CD to the created link, and we're in the directory we're not supposed to be in.

IMPACT
Users with write permissions can traverse directories by uploading a lnk file pointing to the desired file / directory.

VENDOR STATUS
I have sent this advisory to <support () transsoft com>

=======================================================
[ByteRage] <byterage () yahoo com> [www.byterage.cjb.net]
=======================================================
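A defender-side check for the issue described in the advisory above, as an added example that is not part of the original post or of the vendor's code: it flags Windows shortcut files among FTP uploads by name and by the fixed MS-SHLLINK header bytes, so a renamed shortcut is also caught. The function names and the sample directory tree are hypothetical and constructed for illustration.

```python
import os
import tempfile

# MS-SHLLINK header: HeaderSize (0x0000004C) followed by the fixed LinkCLSID
# 00021401-0000-0000-C000-000000000046, both in on-disk byte order.
SHELL_LINK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def is_shell_link(name: str, head: bytes) -> bool:
    """True if an upload looks like a Windows shortcut by name or by content."""
    # Win32 drops trailing dots and spaces, so "x.lnk. " lands on disk as "x.lnk".
    base = name.rstrip(". ").lower()
    return base.endswith(".lnk") or head.startswith(SHELL_LINK_MAGIC)


def audit_home(root: str) -> list[str]:
    """Walk an FTP home directory; return relative paths of shortcut files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(SHELL_LINK_MAGIC))
            except OSError:
                continue  # unreadable file: skip here, review separately
            if is_shell_link(fname, head):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def build_sample_home() -> str:
    """Constructed sample tree: one text file, one .lnk, one renamed shortcut."""
    root = tempfile.mkdtemp(prefix="ftphome_")
    incoming = os.path.join(root, "incoming")
    os.makedirs(incoming)
    samples = {
        os.path.join(root, "readme.txt"): b"hello",
        os.path.join(incoming, "remote.lnk"): SHELL_LINK_MAGIC + b"\x00" * 60,
        os.path.join(incoming, "notes.dat"): SHELL_LINK_MAGIC + b"\x00" * 60,
    }
    for path, data in samples.items():
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for hit in audit_home(build_sample_home()):
        print("shortcut file in FTP home:", hit)
```

The same `is_shell_link` check can be applied to the first bytes of an upload before the server stores it, so that shortcut files never reach a user's home directory.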