Source:
advisories@corsaire.com
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
Advisory: Corsaire
Version(s): prior to version 6.40 Patch 11
Description: A vulnerability was reported in the SAP Internet Graphics Server (IGS). A remote user can view files on the target system.
A remote user can supply a specially crafted request containing '../..' directory traversal characters to view files on the target system that are located outside of the web document directory.
A demonstration exploit URL is provided:
http://[target]/htdocs/../../../../../../../../../../../../etc/passwd
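As an added example that is not part of the advisory or of SAP's code, the following Python shows the two checks a defender wants for this class of bug: resolving a decoded request path against the web document root and refusing anything that lands outside it, and scanning access-log lines for requests that would have done so. The document root path, the request-line regex and the log lines are assumptions constructed for the illustration; the advisory names only the `htdocs` directory.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumed document root for the illustration (hypothetical; the advisory
# does not say where 'htdocs' lives on disk).
DOCROOT = "/opt/igs"


def resolve_under_docroot(docroot: str, request_path: str):
    """Map a request path onto the filesystem and refuse anything that
    would resolve outside docroot. Returns the path to serve, or None."""
    docroot = posixpath.normpath(docroot)
    decoded = unquote(request_path)        # %2e%2e -> ..
    decoded = decoded.replace("\\", "/")   # Windows is an affected platform
    candidate = posixpath.normpath(posixpath.join(docroot, decoded.lstrip("/")))
    # normpath has collapsed every '..' segment; a request that climbed above
    # docroot now shows up as a prefix mismatch rather than as '..' text.
    if candidate == docroot or candidate.startswith(docroot + "/"):
        return candidate
    return None


# Constructed access-log lines in Common Log Format (not real IGS logs).
SAMPLE_LOG = """\
10.0.0.5 - - [11/May/2005:10:00:01 +0000] "GET /htdocs/chart.gif HTTP/1.0" 200 4096
10.0.0.9 - - [11/May/2005:10:00:02 +0000] "GET /htdocs/../../../../../../../../etc/passwd HTTP/1.0" 200 1204
10.0.0.9 - - [11/May/2005:10:00:03 +0000] "GET /htdocs/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 200 1204
10.0.0.7 - - [11/May/2005:10:00:04 +0000] "GET /htdocs/sub/../index.html HTTP/1.0" 200 512
"""

# Extracts the request path from a CLF request line (assumed log layout).
_REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def flag_traversal_requests(log_text: str, docroot: str = DOCROOT):
    """Return (line_number, request_path) for entries whose path would have
    resolved outside docroot. Lines without a parsable request are skipped."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = _REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group(1).split("?", 1)[0]   # ignore any query string
        if resolve_under_docroot(docroot, path) is None:
            hits.append((lineno, path))
    return hits


if __name__ == "__main__":
    for lineno, path in flag_traversal_requests(SAMPLE_LOG):
        print(f"line {lineno}: request resolves outside docroot: {path}")
```

The containment test compares normalized filesystem paths rather than searching the request for the literal string `../`, so percent-encoded and backslash-separated variants are caught by the same code path that a server's own resolution would take; a harmless `sub/../index.html` that stays inside the root is not flagged.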
The vendor was notified on May 11, 2005.
Martin O'Neal from Corsaire reported this vulnerability.
Impact: A remote user can view files on the target system with the privileges of the IGS process.
Solution: The vendor has issued a fixed version (version 6.40 Patch 11).
Vendor URL:
www.sap.com/
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)