Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

intermate-traverse.txt

🗓️ 12 Feb 2008 00:00:00Reported by Luigi AuriemmaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 39 Views

Intermate WinIPDS security vulnerabilitie

Code
`  
#######################################################################  
  
Luigi Auriemma  
  
Application: Intermate WinIPDS  
http://www.intermate.com/ipdssoftware  
Versions: <= Release 3.3 Revision G52-33-021  
Platforms: Windows  
Bugs: A] directory traversal in web administration  
B] Denial of Service versus the IPDS port  
Exploitation: remote  
Date: 12 Feb 2008  
Author: Luigi Auriemma  
e-mail: [email protected]  
web: aluigi.org  
  
  
#######################################################################  
  
  
1) Introduction  
2) Bugs  
3) The Code  
4) Fix  
  
  
#######################################################################  
  
===============  
1) Introduction  
===============  
  
  
WinIPDS is a commercial AFP (Advanced function printing) and IPDS  
(Intelligent Printer Data Stream) print server for Windows.  
  
  
#######################################################################  
  
=======  
2) Bugs  
=======  
  
--------------------------------------------  
A] directory traversal in web administration  
--------------------------------------------  
  
WinIPDS includes a web server for the remote administration of the  
service.  
This web interface is vulnerable to a classical directory traversal  
attack exploitable with both the plain slash and backslash delimiters  
allowing an attacker to download any file from the disk on which is  
installed the program.  
  
  
-----------------------------------------  
B] Denial of Service versus the IPDS port  
-----------------------------------------  
  
5001 is the port used by the IPDS service for the remote printing of  
the files.  
The problem here is that packets smaller than the size they should have  
cause CPU at 100% and the inability to handle the printing commands of  
the users.  
The packet's types which cause this effect are 3, 5, 7, 13, 14 and 15.  
  
  
#######################################################################  
  
===========  
3) The Code  
===========  
  
  
A]  
GET /../../../../../boot.ini HTTP/1.0  
or  
POST /..\../..\../..\boot.ini HTTP/1.0  
  
B]  
http://aluigi.org/poc/winipds.txt  
  
nc SERVER 5001 -v -v -w 3 < winipds.txt  
  
  
#######################################################################  
  
======  
4) Fix  
======  
  
  
No fix  
  
  
#######################################################################  
  
  
---   
Luigi Auriemma  
http://aluigi.org  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Feb 2008 00:00Current
7.4High risk
Vulners AI Score7.4
intermate winipdsdirectory traversaldenial of serviceremote exploitationwindowsport 5001
39