source: http://www.securityfocus.com/bid/2519/info
Elron IM is a suite of tools providing internet filtering, virus protection, and other features.
Certain non-current versions of products in the Internet Manager suite, including IM Anti-Virus, are vulnerable to directory traversal attacks.
An attacker can compose a long path which includes '/../' sequences, and submit it as a file request to the built-in webserver. The server will not filter 'dot-dot' sequences from the path, permitting the attacker to specify files outside the directory tree normally available to users.
This can permit disclosure of confidential data and sensitive system files which, if properly exploited, could lead to further compromises of the host's security.
http://target:80/../../../../../../boot.ini will, in most cases, return the specified file. In some cases, more "../" sequences will be required.
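
The check the built-in webserver is described as lacking, shown as an added example (not part of the original advisory and not Elron's code): the requested path is canonicalised and served only if it still lies under the document root. DOCROOT and the function names are assumptions made for the illustration; handling of percent-encoded dots, backslashes and sibling directories goes beyond the single '/../' case in the text.

```python
import os
from urllib.parse import unquote

# Assumed document root, constructed for this example (not from the advisory).
DOCROOT = "/srv/im-webroot"

def naive_resolve(url_path, docroot=DOCROOT):
    """Behaviour the advisory describes: 'dot-dot' is not filtered, so the
    request path decides where the final file path ends up."""
    return os.path.normpath(docroot + "/" + url_path)

def safe_resolve(url_path, docroot=DOCROOT):
    """Return the absolute file path for url_path, or None when the request
    would leave docroot."""
    root = os.path.realpath(docroot)
    # Decode once and normalise separators so '%2e%2e' and '..\\' are judged
    # in the same form the filesystem will see.
    decoded = unquote(url_path.split("?", 1)[0]).replace("\\", "/")
    if "\x00" in decoded:
        return None
    # Canonicalise first (collapses '..', follows symlinks), then compare.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # commonpath compares whole components; a plain startswith() would also
    # accept a sibling such as '/srv/im-webroot-backup'.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

if __name__ == "__main__":
    # Constructed request paths; the first is the one quoted in the advisory.
    for p in ["/../../../../../../boot.ini", "/help/../index.html",
              "/%2e%2e/%2e%2e/boot.ini", "/../im-webroot-backup/x"]:
        print(f"{p!r:40} naive={naive_resolve(p)!r} safe={safe_resolve(p)!r}")
```

A request that resolves to None should be answered with an error and logged, since a legitimate client has no reason to send a path that climbs above the document root.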