bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/19537.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

6 lines
No EOL
635 B
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/689/info
TeamTrack 3.00 has a built-in webserver which is meant to be used during the evaluation period, or until IIS or Netscape Enterprise/FastTrack is installed. This server does not filter out requested paths containing the ../ sequence. Because of this, an attacker can specify a file outside of the normal web file structure. The name and relative path (from the web root) of the file must be known by the attacker.
Requesting the following URL from the TeamTrack server will display the contents of the target's SAM file: (NT only)
http ://target.com/../../../../../winnt/repair/sam._
Reference in a new issue View git blame Copy permalink