MetaProducts Offline Explorer Directory Traversal Vulnerability
BID:1231
Info
| Bugtraq ID: | 1231 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 19 2000 12:00AM |
| Updated: | May 19 2000 12:00AM |
| Credit: | Double dot vulnerability discovered by Wyzewun and publicized in Forbidden Knowledge Ezine 9 on May 19, 2000. |
| Vulnerable: | MetaProducts Offline Explorer 1.2 x, MetaProducts Offline Explorer 1.1 x, MetaProducts Offline Explorer 1.0 x |
| Not Vulnerable: | MetaProducts Offline Explorer 1.4 x, MetaProducts Offline Explorer 1.3 x |
Discussion
MetaProducts Offline Explorer is an application that allows a user to download the contents of a website or FTP site for offline browsing at a later time.
The contents of known files on the system where Offline Explorer is installed can be read remotely. By default, Offline Explorer listens on port 800. A remote user can retrieve the contents of known files without any authorization by sending a GET request that uses the double dot "../..\" directory traversal technique.
Example:
http://target:800/../..\
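The request above mixes "/" and "\" separators, so a path check on a Windows host has to treat both as separators before deciding whether a request stays inside the served directory. The following is an added defensive example, not MetaProducts code and not from the original advisory; the document root `DOC_ROOT` and the function name `resolve_request_path` are assumptions made for illustration.

```python
import ntpath
from urllib.parse import unquote

# Assumed document root for illustration; not taken from the advisory.
DOC_ROOT = r"C:\OfflineExplorer\cache"


def resolve_request_path(url_path, doc_root=DOC_ROOT):
    """Map an HTTP request path to a file under doc_root, or return None.

    Uses Windows path rules (ntpath) so that both '/' and '\\' count as
    separators, which is what a server running on Windows must assume.
    """
    # Decode percent-escapes once, so %2e%2e and %5c are seen as '..' and '\'.
    decoded = unquote(url_path)
    # NUL bytes and drive prefixes (C:) have no place in a request path.
    if "\x00" in decoded or ":" in decoded:
        return None
    # Strip leading separators of either kind so the join stays relative.
    relative = decoded.lstrip("/\\")
    root = ntpath.normpath(doc_root)
    # normpath converts '/' to '\' and collapses '..' segments.
    candidate = ntpath.normpath(ntpath.join(root, relative))
    # Case-insensitive containment check, as on Windows file systems.
    root_cmp = ntpath.normcase(root)
    cand_cmp = ntpath.normcase(candidate)
    if cand_cmp != root_cmp and not cand_cmp.startswith(root_cmp + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample request paths, including the one from the advisory.
    samples = ["/site/index.html", "/../..\\", "/..%5c..%5csecret.txt",
               "/../cache2/x", "/a/../b.txt"]
    for path in samples:
        result = resolve_request_path(path)
        print(f"{path!r:28} -> {result if result else 'REJECTED'}")
```

Comparing against the root plus a trailing separator, rather than a bare prefix, is what keeps a sibling directory such as `cache2` from passing the containment test.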
Exploit / POC
http://target:800/../..\
Solution / Fix
Solution:
MetaProducts has released an upgraded version of Offline Explorer which is not susceptible to this vulnerability:
Offline Explorer 1.4 Service Release 2
http://www.metaproducts.com/download/oesetup.exe
Offline Explorer Pro 1.4 Service Release 2
http://www.metaproducts.com/download/opsetup.exe
References
- Forbidden Knowledge Ezine #9 (Forbidden Knowledge)
- MetaProducts Homepage (MetaProducts)