|
Full Disclosure
mailing list archives
Re: Vulnerabilities in Timbuktu Pro 8.6.5
From: <titon () bastardlabs com>
Date: Tue, 11 Mar 2008 10:29:48 +0000
####################################
Luigi Auriemma
Application: Timbuktu Pro Remote Control Software
[...snip...]
-------------------------------------
B] limited upload directory traversal
-------------------------------------
[...snip...]
Currently I have found no ways to bypass this limitation.
Nice find ! But do you realize that this is public since July 07 ?
If not, you may want to read this:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=589
and this
http://www.milw0rm.com/exploits/4455
All you had to do was add as many "\" as you want at the beginning
of the filename string. (i.e "\../../../pwn3d.exe")
Also, to overwrite existing files, try to break the connection
before the final "\xfe", the program will create a notepad2.exe,
but then it will delete the real notepad.exe. After that, all you have
to do is loop again to re-create the file with your own content.
======
4) Fix
======
No fix
I assume you contacted the vendor before disclosing this ?
http://www.netopia.com/corp/contact_us.html
titon.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
