Extent RBS ISP Directory Traversal Vulnerability
BID:1704
Info
Extent RBS ISP Directory Traversal Vulnerability
| Bugtraq ID: | 1704 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Sep 21 2000 12:00AM |
| Updated: | Sep 21 2000 12:00AM |
| Credit: | Discovered and posted to Bugtraq by anon anon <[email protected]> on Sep 21, 2000. |
| Vulnerable: |
Extent Technologies RBS ISP 2.5 |
| Not Vulnerable: | |
Discussion
Extent RBS ISP Directory Traversal Vulnerability
A remote user is capable of gaining read access to any file residing in the same directory of a host running Extent RBS ISP through directory traversal. Appending '../' to the 'image' variable request on port 8002 will enable a user to read any available file includeing credit card details, username, password etc.
For example:
http://target:8002/Newuser?Image=../../database/rbsserv.mdb
A remote user is capable of gaining read access to any file residing in the same directory of a host running Extent RBS ISP through directory traversal. Appending '../' to the 'image' variable request on port 8002 will enable a user to read any available file includeing credit card details, username, password etc.
For example:
http://target:8002/Newuser?Image=../../database/rbsserv.mdb
Exploit / POC
Extent RBS ISP Directory Traversal Vulnerability
http://target:8002/Newuser?Image=../../database/rbsserv.mdb
http://target:8002/Newuser?Image=../../database/rbsserv.mdb
Solution / Fix
Extent RBS ISP Directory Traversal Vulnerability
Solution:
Extent Technologies has issued a patch which rectifies this issue:
http://www.extent.com/solutions/down_prod.shtml
Solution:
Extent Technologies has issued a patch which rectifies this issue:
http://www.extent.com/solutions/down_prod.shtml
References
Extent RBS ISP Directory Traversal Vulnerability
References:
References:
- Extent RBS ISP Product Homepage (Extent Technologies)