Home page logo

fulldisclosure logo Full Disclosure mailing list archives

SD Server 4.0.70 Directory Traversal Bug
From: "CorryL" <corryl () sitoverde com>
Date: Mon, 21 Feb 2005 20:41:49 +0100

..:x0n3-h4ck Italian Security Team:..



Application: SD Server

Url Vendor: http://www.gdsoftware.dk/

Version: <= 4.0.70

Platforms: Windows

Bug: Directory Traversal

Exploitation: Remote

Author: CorryL

Email Author: corryl80 () gmail com

Url Author: www.x0n3-h4ck.org



The SD Server is a easy http server, A remote user can obtain files on the
system that are located outside of
the web document directory.



A remote user succeeds to read the file sam of the system where to be in
execution SD Server.

{Vendor Status}

20/02/2005 Vendor notification

20/02/2005 Vendor response

21/02/2005 Vendor Fix the Bug


In version


corryl80 () gmail com
Italian Security Team

www.seekstat.it is your web stat
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • SD Server 4.0.70 Directory Traversal Bug CorryL (Feb 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]