15 lines
No EOL
686 B
Text
15 lines
No EOL
686 B
Text
Hello
|
|
I have recently released this vulnerability in a talk:
|
|
http://soroush.secproject.com/blog/2012/11/file-in-the-hole/
|
|
|
|
|
|
- Title: GleamtechFileVista/FileUltimate 4.6 Directory Traversal can lead to file upload attack
|
|
- Credit goes to: Soroush Dalili
|
|
- Link:http://www.gleamtech.com/download
|
|
- Description:
|
|
It is possible to bypass directory traversal validation of FileVista/FileUltimate version 4.3 by using "..[SPACE]/" or "..[SPACE]\". As a result, it can be possible to bypass the security restrictions and upload an arbitrary file and execute that on the server.
|
|
|
|
- PoC:http://www.youtube.com/v/HjS6Pob5t34?version=3&hl=en_US&rel=0&vq=hd720
|
|
|
|
Regards
|
|
Soroush Dalili |