vqSoft vqServer 1.9.9 Directory Traversal Vulnerability
BID:1067
Info
vqSoft vqServer 1.9.9 Directory Traversal Vulnerability
| Bugtraq ID: | 1067 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 21 2000 12:00AM |
| Updated: | Mar 21 2000 12:00AM |
| Credit: | Posted to Bugtraq on March 21, 2000 by Johan Nilsson <[email protected]>. |
| Vulnerable: |
vqSoft vqServer for Windows 1.9.9 |
| Not Vulnerable: |
vqSoft vqServer for Windows 1.9.47 vqSoft vqServer for Windows 1.9.30 |
Discussion
vqSoft vqServer 1.9.9 Directory Traversal Vulnerability
Some versions of vqSoft vqServer for Windows are vulnerable to the common ../../ method of retrieving known files from outside of the web directory structure, accomplished by appending a variable number of "../" and a known filename to an HTTP GET request.
Some versions of vqSoft vqServer for Windows are vulnerable to the common ../../ method of retrieving known files from outside of the web directory structure, accomplished by appending a variable number of "../" and a known filename to an HTTP GET request.
Exploit / POC
vqSoft vqServer 1.9.9 Directory Traversal Vulnerability
http://target/../../../../../autoexec.bat
http://target/../../../../../autoexec.bat
Solution / Fix
vqSoft vqServer 1.9.9 Directory Traversal Vulnerability
Solution:
Version 1.9.30 or greater of vqServer is not susceptible to this vulnerability. The newest version is available for download at the following location:
http://www.vqsoft.com/vq/server/index.html
Solution:
Version 1.9.30 or greater of vqServer is not susceptible to this vulnerability. The newest version is available for download at the following location:
http://www.vqsoft.com/vq/server/index.html
References
vqSoft vqServer 1.9.9 Directory Traversal Vulnerability
References:
References:
- vqSoft vqServer Product Homepage (vqSoft)