Netbus Directory Listings Disclosure and File Upload Vulnerability
BID:9475
Info
Netbus Directory Listings Disclosure and File Upload Vulnerability
| Bugtraq ID: | 9475 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 22 2004 12:00AM |
| Updated: | Jan 22 2004 12:00AM |
| Credit: | The disclosure of this issue has been credited to Rafel Ivgi, The-Insider <[email protected]>. |
| Vulnerable: |
Netbus Netbus 2.0 Pro |
| Not Vulnerable: | |
Discussion
Netbus Directory Listings Disclosure and File Upload Vulnerability
It has been reported that Netbus may be prone to a a directory listings disclosure and file upload vulnerability that may allow and attacker to disclose sensitive information and the possibility of corrupting files on the system or placing files such as malicious files in directories where they may be interpreted.
Netbus Pro has been reported to be vulnerable to this issue.
It has been reported that Netbus may be prone to a a directory listings disclosure and file upload vulnerability that may allow and attacker to disclose sensitive information and the possibility of corrupting files on the system or placing files such as malicious files in directories where they may be interpreted.
Netbus Pro has been reported to be vulnerable to this issue.
Exploit / POC
Netbus Directory Listings Disclosure and File Upload Vulnerability
The following proof of concept has been provided:
http://www.example.com//
http://www.example.com/./
The following proof of concept has been provided:
http://www.example.com//
http://www.example.com/./
Solution / Fix
References
Netbus Directory Listings Disclosure and File Upload Vulnerability
References:
References:
- Netbus (SpectorSoft)
- NetBus Pro Web Server Direcory Listing And Remote File Upload ("Rafel Ivgi, The-Insider"
)