M-TECH P-Synch 6.2.5 Path Disclosure Vulnerability

2003-05-29T00:00:00
ID EDB-ID:22674
Type exploitdb
Reporter JeiAr
Modified 2003-05-29T00:00:00

Description

M-TECH P-Synch 6.2.5 Path Disclosure Vulnerability. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/7740/info

Reportedly an attacker may make a malicious HTTP request for specific P-Synch executables passing an empty URI parameter to trigger the condition. Although unconfirmed, it is likely that the request will cause P-Sync to display an error message containing the path to the executable.

This vulnerability was reported to affect P-Synch version 6.2.5 other versions may also be affected. 

https://www.example.org/psynch/nph-psa.exe?lang=
https://www.example.org/psynch/nph-psf.exe?lang=