Gleamtech FileVista/FileUltimate 4.6 - Directory Traversal

ID EDB-ID:22972
Type exploitdb
Reporter Soroush Dalili
Modified 2012-11-28T00:00:00


Gleamtech FileVista/FileUltimate 4.6 - Directory Traversal. Webapps exploit for Windows platform.

I have recently released this vulnerability in a talk:

- Title: Gleamtech FileVista/FileUltimate 4.6 Directory Traversal can lead to file upload attack
- Credit goes to: Soroush Dalili
- Link:
- Description:
It is possible to bypass the directory traversal validation of FileVista/FileUltimate version 4.3 by using "..[SPACE]/" or "..[SPACE]\". As a result, it can be possible to bypass the security restrictions, upload an arbitrary file, and execute it on the server.

- PoC:

Soroush Dalili
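
A defender-side illustration of the validation gap described above, added here and not taken from the advisory or from the product's code. The upload root, the function names and the `naive_is_safe` blacklist are constructed stand-ins, since the page does not show the product's actual check; the hardened version assumes a later layer may trim trailing spaces and dots from path segments.

```python
import ntpath  # Windows path rules, importable on any OS

ROOT = r"C:\inetpub\files"  # constructed upload root, not from the advisory

def naive_is_safe(rel_path: str) -> bool:
    """Constructed blacklist filter: looks only for the literal '../' and '..\\'."""
    return "../" not in rel_path and "..\\" not in rel_path

def resolve_upload_path(root: str, rel_path: str) -> str:
    """Return the absolute path for rel_path under root, or raise ValueError."""
    if "\x00" in rel_path or ":" in rel_path:
        raise ValueError("NUL, drive letter or stream separator in path")
    segments = [s for s in rel_path.replace("/", "\\").split("\\") if s]
    if not segments:
        raise ValueError("empty path")
    for seg in segments:
        # Assumption: a later layer may trim trailing spaces and dots, so
        # '.. ' can end up meaning '..'. Refuse any segment that would change;
        # this also refuses plain '.' and '..'.
        if seg != seg.rstrip(" ."):
            raise ValueError(f"segment {seg!r} ends in a space or dot")
    # Second, independent check: the normalized result must stay under root.
    root_n = ntpath.normcase(ntpath.normpath(root))
    target = ntpath.normpath(ntpath.join(root, *segments))
    if not ntpath.normcase(target).startswith(root_n + "\\"):
        raise ValueError("path escapes the upload root")
    return target

def is_allowed(rel_path: str, root: str = ROOT) -> bool:
    """Boolean wrapper around resolve_upload_path for logging and tests."""
    try:
        resolve_upload_path(root, rel_path)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed inputs; the second uses the '..[SPACE]/' form from the advisory.
    for p in ["docs/report.pdf", ".. /.. /web.config", "..\\x", "a /b.txt"]:
        print(f"{p!r:24} naive={naive_is_safe(p)} strict={is_allowed(p)}")
```

The blacklist accepts the spaced form because the literal `../` never appears in it, while the segment-level check refuses it before any filesystem call is made.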