MetaProducts Offline Explorer File System Disclosure Vulnerability
BID:2084
Info
MetaProducts Offline Explorer File System Disclosure Vulnerability
| Bugtraq ID: | 2084 |
| Class: | Input Validation Error |
| CVE: |
CVE-2001-0038 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Dec 07 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | Posted to Bugtraq on December 7, 2000 by Dodger <[email protected]>. |
| Vulnerable: |
MetaProducts Offline Explorer 1.3 x MetaProducts Offline Explorer 1.2 x MetaProducts Offline Explorer 1.1 x MetaProducts Offline Explorer 1.0 x |
| Not Vulnerable: |
MetaProducts Offline Explorer 1.4 x |
Discussion
MetaProducts Offline Explorer File System Disclosure Vulnerability
MetaProducts Offline Explorer is an application that allows a user to download the contents of a website or FTP site for offline browsing at a later time.
It is possible to view the full contents of the directory structure of a system Offline Explorer resides on. By default, Offline Explorer listens on port 800. A remote user may retrieve a directory listing and browse its contents without any authorization whatsoever by issuing a GET request followed by a corresponding physical or logical drive letter.
Eg.
http://target:800/C:/
will reveal a directory listing for drive C.
MetaProducts Offline Explorer is an application that allows a user to download the contents of a website or FTP site for offline browsing at a later time.
It is possible to view the full contents of the directory structure of a system Offline Explorer resides on. By default, Offline Explorer listens on port 800. A remote user may retrieve a directory listing and browse its contents without any authorization whatsoever by issuing a GET request followed by a corresponding physical or logical drive letter.
Eg.
http://target:800/C:/
will reveal a directory listing for drive C.
References
MetaProducts Offline Explorer File System Disclosure Vulnerability
References:
References:
- MetaProducts Homepage (MetaProducts)