Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

microworld-traverse.txt

🗓️ 12 Mar 2008 00:00:00Reported by Luigi AuriemmaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 20 Views

MicroWorld eScan Server directory traversal bug; remote exploitatio

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`  
#######################################################################  
  
Luigi Auriemma  
  
Application: MicroWorld eScan Server (aka eScan Management Console)  
http://www.mwti.net  
Versions: <= 9.0.742.98  
Platforms: Windows  
Bug: directory traversal  
Exploitation: remote  
Date: 06 Mar 2008  
Author: Luigi Auriemma  
e-mail: [email protected]  
web: aluigi.org  
  
  
#######################################################################  
  
  
1) Introduction  
2) Bug  
3) The Code  
4) Fix  
  
  
#######################################################################  
  
===============  
1) Introduction  
===============  
  
  
>From vendor's website:  
"The Powerful Management Console of eScan provides options for system  
administrators to remotely administer a vast network of clients. It  
also allows them to remotely install eScan, deploy upgrades and updates  
and enforce an Integrated Security Policy for the entire Enterprise."  
  
  
#######################################################################  
  
======  
2) Bug  
======  
  
  
The eScan Server (eserv.exe) listens on port 2021 for FTP connections  
using c:\pub as root path.  
  
Although the server tries to avoid possible directory traversal attacks  
for example rejecting the dotdot patterns, is still possible for an  
attacker to download any file from the disk of the remote system simply  
applying a slash or a backslash at the beginning of the filename for  
selecting the root path of the disk.  
For example /boot.ini, \windows\win.ini and so on.  
  
Only downloading files is allowed by the server, so deleting or  
uploading custom files is not possible.  
  
  
#######################################################################  
  
===========  
3) The Code  
===========  
  
  
ftp://SERVER:2021//windows/win.ini  
  
or manually:  
ftp -A  
open SERVER 2021  
get  
/windows/win.ini  
local_win.ini  
  
  
#######################################################################  
  
======  
4) Fix  
======  
  
  
No fix  
  
  
#######################################################################  
  
  
---   
Luigi Auriemma  
http://aluigi.org  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
12 Mar 2008 00:00Current
7.4High risk
Vulners AI Score7.4
microworld escan server; directory traversal; remote exploitation; windows; luigi auriemma
20
.json
Report