| Borland Web Server Input Validation Flaw Discloses Files to Remote Users |
|---|
Category: Vulnerability | Posted: 2004-01-28 by ReCall
| Details |
|---|
Description: Rafel Ivgi (The-Insider) reported a vulnerability in the Borland Web Server (Corel Paradox web server). A remote user can view files located outside of the web document directory.
It is reported that the web server does not properly validate user-supplied input. A remote user can supply a specially crafted URL containing directory traversal characters (e.g., '%5c%2e%2e', '../') to view arbitrary files on the target system.
Some demonstration exploit URLs are provided:
http://[target]/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini
http://[target]/..................../autoexec.bat
Impact: A remote user can view files on the target system that are located outside of the web document directory.
Solution: No solution was available at the time of this entry.
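
The sketch below is an added example, not code from the advisory or from Borland. It shows the kind of request-path validation whose absence is described above: decode the path, treat backslashes as separators, refuse dot-only segments, and confirm the result stays under the document root. The `DOC_ROOT` value and the function name are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/srv/www"  # assumed document root (hypothetical, normalized, no trailing slash)


def resolve_request_path(raw_path, doc_root=DOC_ROOT):
    """Map a raw request path to a path under doc_root, or return None to refuse it."""
    decoded = unquote(raw_path)
    # If a second decoding pass still changes the string, the input was
    # double-encoded (e.g. %255c); refuse rather than guess the intent.
    if unquote(decoded) != decoded:
        return None
    if "\x00" in decoded:
        return None
    # Windows accepts "\" as a separator, so "%5c%2e%2e" climbs like "/..".
    segments = decoded.replace("\\", "/").split("/")
    clean = []
    for seg in segments:
        if seg == "":
            continue  # leading slash or doubled separators
        # Conservative choice: refuse any segment made only of dots
        # (".", "..", and longer dot runs as in the second URL form).
        if set(seg) == {"."}:
            return None
        # Refuse drive letters and alternate data stream syntax.
        if ":" in seg:
            return None
        clean.append(seg)
    candidate = posixpath.normpath(posixpath.join(doc_root, *clean))
    # Final containment check: the resolved path must remain under doc_root.
    if posixpath.commonpath([doc_root, candidate]) != doc_root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample request paths, mirroring the two forms in the advisory.
    samples = [
        "/docs/index.html",
        "/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini",
        "/..................../autoexec.bat",
    ]
    for s in samples:
        print(s, "->", resolve_request_path(s))
```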