Xinkaa WEB Station Directory Traversal Vulnerability
BID:12606
Info
Xinkaa WEB Station Directory Traversal Vulnerability
| Bugtraq ID: | 12606 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2005 12:00AM |
| Updated: | Feb 21 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Luigi Auriemma. |
| Vulnerable: |
Xinkaa WEB Station 1.0.3 |
| Not Vulnerable: | |
Discussion
Xinkaa WEB Station Directory Traversal Vulnerability
A vulnerability has been identified in the handling of certain types of requests by Xinkaa WEB Station. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.
Read privileges granted to these files would be restricted by the permissions of the web server process.
A vulnerability has been identified in the handling of certain types of requests by Xinkaa WEB Station. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.
Read privileges granted to these files would be restricted by the permissions of the web server process.
Exploit / POC
Xinkaa WEB Station Directory Traversal Vulnerability
No exploit is required, the following examples are available:
http://www.example.com/../../../file
http://www.example.com/..\..\..\file
No exploit is required, the following examples are available:
http://www.example.com/../../../file
http://www.example.com/..\..\..\file
Solution / Fix
Xinkaa WEB Station Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Xinkaa WEB Station Directory Traversal Vulnerability
References:
References:
- Xinkaa WEB Station (Luigi Auriemma)
- Xinkaa WEB Station Homepage (Xinkaa)