[转载]SD Server 4.0.70 Directory Traversal Bug

EvilOctal

团队执行官

Rank: 8 Rank: 8

E.S.T社区执行帐号

帖子: 9861
精华: 771
积分: 40900
阅读权限: 200
性别: 男
在线时间: 3984 小时
注册时间: 2004-7-4
最后登录: 2008-11-18

发短消息
加为好友
当前离线

楼主大中小发表于 2005-2-24 23:44 只看该作者

[转载]SD Server 4.0.70 Directory Traversal Bug

信息来源：x0n3-h4ck Italian Security Team

/*Advisories*
*/

Application: SD Server

Url Vendor: http://www.gdsoftware.dk/

Version: <= 4.0.70

Platforms: Windows

Bug: Directory Traversal

Exploitation: Remote

Author: CorryL

Email Author: corryl80 gmail com

Url Author: www.x0n3-h4ck.org

*
{Description}

The SD Server is a easy http server, A remote user can obtain files on the
system that are located outside of
the web document directory.

{Bug}

http://victimhost/../../../windows/repair/sam

A remote user succeeds to read the file sam of the system where to be in
execution SD Server.

{Vendor Status}

20/02/2005 Vendor notification

20/02/2005 Vendor response

21/02/2005 Vendor Fix the Bug

{Fix}

In version 4.0.0.72

http://www.gdsoftware.dk/dl_file.asp?link=SDServer 4.0.0.72.zip

CorryL
corryl80 gmail com
www.x0n3-h4ck.org
Italian Security Team

曾几何时，有人对我说：装B遭雷劈。我说：去你妈的。于是，这个人又对我说：如果再说脏话，上帝会惩罚你的。我说：我操上帝。结论：彪悍的人生不需要上帝。

TOP

‹‹ 上一主题 | 下一主题 ››

邪恶八进制信息安全团队技术讨论组 » 重要安全公告{ Security Advisory Bulletin } » 漏洞分析[ Vulnerability Analyse ] » [转载]SD Server 4.0.70 Directory Traversal Bug