7 lines
No EOL
524 B
Text
7 lines
No EOL
524 B
Text
source: https://www.securityfocus.com/bid/827/info
|
|
|
|
Mail-Gear, a multi-purpose filtering email server, includes a webserver for remote administration and email retrieval. This webserver is vulnerable to the '../' directory traversal attack. By including the string '../' in the URL, remote attackers can gain read access to all files on the filesystem that the server has read access to.
|
|
|
|
|
|
http: //target.host:8003/Display?what=../../../../../autoexec.bat
|
|
will display the server's autoexec.bat in a default NT installation. |