BitDefender Products Update Server HTTP Daemon Directory Traversal Vulnerability

2008-01-19T00:00:00
ID EDB-ID:31039
Type exploitdb
Reporter Oliver Karow
Modified 2008-01-19T00:00:00

Description

BitDefender Products Update Server HTTP Daemon Directory Traversal Vulnerability. CVE-2008-0396. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/27358/info

BitDefender Update Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue allows an attacker to access potentially sensitive information that could aid in further attacks.

BitDefender Security for File Servers, BitDefender Enterprise Manger, and other BitDefender products that include the Update Server are vulnerable. This issue affects Update Server when running on Windows; Linux and UNIX variants may also be affected. 

echo -e "GET /../../boot.ini HTTP/1.0\r\n\r\n" | nc <server> <port>