Bugtraq mailing list archives
Vulnerability in WebCollection Plus (TM)
From: <f0urtyfive () ceteranet com>
Date: Tue, 14 Jan 2003 10:08:09 -0500 (EST)
These vulnerabilities were found / tested on: WebCollection Plus (TM) Copyright 2001 Follett Software Company, Version 5.00 Revision 12-01-A, Dec 19 2001.

The program protects against reading other non-webserver-accessible files by checking for a : or excessive .'s in a string. If the URL has a / at the beginning, it has the effect of reading from C:\. For example, to read C:\bootlog.txt the URL to use is something like http://vulnerableserver/wx/s.dll?d=/bootlog.txt

Found that the latest version revision is 5.05, but could not find a 5.05 copy to test on.

The manufacturer of the program was contacted by phone, and the vulnerability was reported to them. Follett Software has not replied concerning it not being submitted to Bugtraq, so I have to assume they do not care.

f0urtyfive
www.ceteranet.com
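The failure the post describes is a character blocklist being used where a path check is needed. The following added example (not the vendor's code; the web root path and the exact form of the blocklist are assumptions) reconstructs the described filter in Python, shows with ntpath's Windows join rules why a leading / lands on the drive root, and contrasts it with a check that canonicalises the path and requires it to stay under the web root.

```python
import ntpath

# Constructed web root for the example; the product's real install path is
# not given in the advisory.
WEBROOT = r"C:\inetpub\webcollection"


def blocklist_filter_allows(requested: str) -> bool:
    """Approximation of the check the advisory describes: reject a drive
    letter (':') or directory-climbing dots ('..'), accept anything else.
    This is a reconstruction of the described behaviour, not vendor code."""
    return ":" not in requested and ".." not in requested


def effective_path(requested: str) -> str:
    """Path the server would actually open after joining the request onto
    the web root. ntpath.join applies Windows rules: a rooted, drive-less
    component such as '/bootlog.txt' keeps the web root's drive letter but
    replaces its directory, which is exactly the behaviour reported above."""
    return ntpath.normpath(ntpath.join(WEBROOT, requested))


def inside_webroot(requested: str) -> bool:
    """Hardened check: canonicalise first, then require that the result still
    lies under WEBROOT. Compares paths rather than hunting for bad characters,
    so leading slashes, '..' and other drive letters are all caught the same way."""
    root = ntpath.normpath(WEBROOT)
    full = effective_path(requested)
    try:
        common = ntpath.commonpath([root, full])
    except ValueError:
        # Different drives, or mixed absolute/relative: cannot be inside.
        return False
    return ntpath.normcase(common) == ntpath.normcase(root)


if __name__ == "__main__":
    for req in ("docs/index.htm", "/bootlog.txt", r"..\..\bootlog.txt", r"D:\secret.txt"):
        print(f"{req!r:26} blocklist allows={blocklist_filter_allows(req)!s:5} "
              f"opens={effective_path(req)!r:45} inside webroot={inside_webroot(req)}")
```

The blocklist passes "/bootlog.txt" while the effective path is C:\bootlog.txt, outside the web root; the canonical-path check rejects it along with the dot and drive-letter variants the blocklist already caught.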