Bugtraq: Re: Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0

From: Luigi Auriemma <aluigi () autistici org>
Date: Tue, 12 Feb 2008 18:58:30 +0100

jfvanmeter () comcast net wrote:

Interresting, how are you running the Get command? Is safenet
installed on a workstation or server?


Here I have Windows XP Pro SP2.
All the tests have been made using the raw GET request as I reported in
my advisory using netcat because the browsers usually modify the
delimiters or just the entire URI, for example IE converts backslashes
in slashes while Firefox drops ../ and converts \ in %5c.


--- 
Luigi Auriemma
http://aluigi.org

By Date By Thread

Current thread:

Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0 Luigi Auriemma (Feb 11)
- <Possible follow-ups>
- Re: Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0 jfvanmeter (Feb 12)
  - Re: Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0 Luigi Auriemma (Feb 12)
- Re: Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0 jfvanmeter (Feb 12)
  - Re: Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0 Luigi Auriemma (Feb 12)
- Re: Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0 jfvanmeter (Feb 12)
  - Re: Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0 Luigi Auriemma (Feb 12)