Pivot 't' Parameter Directory Traversal Vulnerability
BID:30012
Info
Pivot 't' Parameter Directory Traversal Vulnerability
| Bugtraq ID: | 30012 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3128 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 30 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Nine:Situations:Group::bookoo |
| Vulnerable: |
Pivot Pivot 1.40.5 Pivot Pivot 1.40.4 Pivot Pivot 1.40.3 Pivot Pivot 1.40.2 Pivot Pivot 1.40.1 |
| Not Vulnerable: | |
Discussion
Pivot 't' Parameter Directory Traversal Vulnerability
Pivot is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.
Pivot 1.40.5 is vulnerable; other versions may also be affected.
Pivot is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.
Pivot 1.40.5 is vulnerable; other versions may also be affected.
Exploit / POC
Pivot 't' Parameter Directory Traversal Vulnerability
An attacker can exploit this issue with a browser.
The following exploit code is available:
An attacker can exploit this issue with a browser.
The following exploit code is available:
Solution / Fix
Pivot 't' Parameter Directory Traversal Vulnerability
Solution:
The vendor has released a patch. See the references for information on obtaining the appropriate updates.
Solution:
The vendor has released a patch. See the references for information on obtaining the appropriate updates.
References
Pivot 't' Parameter Directory Traversal Vulnerability
References:
References: