Bugtraq mailing list archives
BPM STUDIO PRO 4.2 DIRECTORY ESCAPE VULNERABILITY
From: "][-][UNTER" <lopht () tutopia com>
Date: Wed, 27 Feb 2002 07:02:34 -0300
Hi bugtraq again... Now i' ve found another vulnerability in BPM STUDIO PRO 4.2 http server implementation. Anyone can download any file in some host running this software simply like performing this http request : http://BPM-HOST/../../../../autoexec.bat http server is not activated by default... byes ----------------------------------------------- ][-][UNTER Infobyte Security Research Crew Buenos Aires, Argentina -----------------------------------------------
Current thread:
- BPM STUDIO PRO 4.2 DIRECTORY ESCAPE VULNERABILITY ][-][UNTER (Feb 27)