[21285] in bugtraq
Broker 5.9.5.0 Directory Traversal
daemon@ATHENA.MIT.EDU (ByteRage)
Mon Jul 2 05:22:35 2001
Message-ID: <20010701161142.90550.qmail@web13005.mail.yahoo.com>
Date: Sun, 1 Jul 2001 09:11:42 -0700 (PDT)
From: ByteRage <byterage@yahoo.com>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Broker 5.9.5.0 Directory Traversal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AFFECTED SYSTEMS
Broker 5.9.5.0
DESCRIPTION
Broker has the same *.lnk upload vulnerability than
the one I recently found in WFTPD, with :
PUT \local.lnk remote.lnk.
We can create our own link, this way, we can traverse
the homedirectory. It's even easier than the WFTPD
bug, because we can point our *.lnk file to a
directory, then we can just CD to the created link,
and we're in the directory we're not supposed to be
in.
IMPACT
users with write permissions can traverse directories,
by uploading a lnk file pointing to the desired file /
directory
VENDOR STATUS
I have sent this advisory to <support@transsoft.com>
=======================================================
[ByteRage] <byterage@yahoo.com> [www.byterage.cjb.net]
=======================================================
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
