Fujitsu Web-Based Admin View 2.1.2 - Directory Traversal

2008-08-21T00:00:00
ID EXPLOITPACK:179DECBB3160DEC72EA9A1DC5C0F9440
Type exploitpack
Reporter Deniz Cevik
Modified 2008-08-21T00:00:00

Description

Fujitsu Web-Based Admin View 2.1.2 - Directory Traversal

                                        
                                            source: https://www.securityfocus.com/bid/30780/info

Fujitsu Web-Based Admin View is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

Web-Based Admin View 2.1.2 is vulnerable; other versions may also be affected.


The following example is available:

GET /.././.././.././.././.././.././.././.././.././etc/passwd HTTP/1.0
Host: www.example.com:8081