source: https://www.securityfocus.com/bid/2519/info
Elron IM is a suite of tools providing internet filtering, virus protection, and other features.
Certain non-current versions of products in the Internet Manager suite, including IM Anti-Virus, are vulnerable to directory traversal attacks.
An attacker can compose a long path which includes '/../' sequences, and submit it as a file request to the built-in webserver. The server will not filter 'dot-dot' sequences from the path, permitting the attacker to specify files outside the directory tree normally available to users.
This can permit disclosure of confidential data and sensitive system files which, if properly exploited, could lead to further compromises of the host's security.
http://target:80/../../../../../../boot.ini will, in most cases, return the specified file. In some cases, more "../" sequences will be required.
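
The missing 'dot-dot' filter described above, shown from the server side as an added example (not code from the advisory or from the vendor): a resolver that appends the request path unfiltered, beside one that decodes, normalizes and then checks containment in the document root. DOCROOT, the function names and the sample requests are hypothetical and constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/srv/im/htdocs"  # hypothetical document root, not from the advisory

def naive_resolve(url_path):
    """Flawed pattern: append the request path without filtering '..'."""
    return posixpath.normpath(DOCROOT + "/" + url_path)

def safe_resolve(url_path):
    """Return the path inside DOCROOT, or None when the request escapes it."""
    # Decode first so %2e%2e is seen as '..'; treat '\' as a separator (Windows).
    decoded = unquote(url_path).replace("\\", "/")
    if "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(DOCROOT, decoded.lstrip("/")))
    # Compare against DOCROOT + "/" so a sibling such as htdocs-old is not accepted.
    if candidate != DOCROOT and not candidate.startswith(DOCROOT + "/"):
        return None
    return candidate  # a real server should also resolve symlinks before serving

# Constructed sample requests (not captured traffic).
SAMPLES = [
    "/index.html",
    "/docs/../index.html",
    "/../../../../../../boot.ini",
    "/%2e%2e/%2e%2e/%2e%2e/boot.ini",
    "/..\\..\\..\\boot.ini",
    "/../htdocs-old/notes.txt",
]

def audit(paths):
    """Map each request path to (naive result, hardened result)."""
    return {p: (naive_resolve(p), safe_resolve(p)) for p in paths}

if __name__ == "__main__":
    for path, (naive, safe) in audit(SAMPLES).items():
        print(f"{path!r:40} naive={naive!r:32} safe={safe!r}")
```

The containment check runs on the decoded, normalized path; checking the raw request string for "../" alone misses the encoded and backslash forms.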