ReGet Software ReGet Directory Traversal Vulnerability
BID:9951
Info
ReGet Software ReGet Directory Traversal Vulnerability
| Bugtraq ID: | 9951 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 22 2004 12:00AM |
| Updated: | Mar 22 2004 12:00AM |
| Credit: | Discovery is credited to snifer <snifer_@_ftp.hotbox.ru>. |
| Vulnerable: |
ReGet Software ReGet Deluxe 3.0 build 121 |
| Not Vulnerable: | |
Discussion
ReGet Software ReGet Directory Traversal Vulnerability
It has been reported that ReGet may be prone to a directory traversal vulnerability that may allow remote attackers to upload files to arbitrary locations on a target system. The attacker may supply encoded directory traversal sequences in the URI parameter so that the requested file is saved outside of the default download directory specified by the user.
ReGet Deluxe 3.0 build 121 has been reported to be prone to this issue, however, other versions could be affected as well.
It has been reported that ReGet may be prone to a directory traversal vulnerability that may allow remote attackers to upload files to arbitrary locations on a target system. The attacker may supply encoded directory traversal sequences in the URI parameter so that the requested file is saved outside of the default download directory specified by the user.
ReGet Deluxe 3.0 build 121 has been reported to be prone to this issue, however, other versions could be affected as well.
Exploit / POC
ReGet Software ReGet Directory Traversal Vulnerability
No exploit is required.
The following proof of concept has been provided:
/support/download.jsp?filename=..%2F ..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow
No exploit is required.
The following proof of concept has been provided:
/support/download.jsp?filename=..%2F ..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow
Solution / Fix
ReGet Software ReGet Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
ReGet Software ReGet Directory Traversal Vulnerability
References:
References:
- ReGet Directory Traversal (snifer)
- ReGet Product Page (ReGet Software)