Exploit extent technologies rbs isp 2.5 - Directory Traversal

Exploiter

Хакер
34,599
0
18 Дек 2022
EDB-ID
20234
Проверка EDB
  1. Пройдено
Автор
ANON
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
cve-2000-1036
Дата публикации
2000-09-21
Код:
source: https://www.securityfocus.com/bid/1704/info

A remote user is capable of gaining read access to any file residing in the same directory of a host running Extent RBS ISP through directory traversal. Appending '../' to the 'image' variable request on port 8002 will enable a user to read any available file includeing credit card details, username, password etc.

For example:

http://target:8002/Newuser?Image=../../database/rbsserv.mdb
 
Источник
www.exploit-db.com

Похожие темы