SD Server versions 4.0.70 and below suffer from a classic directory traversal flaw.
0a6a0e0996717aed2c5d24bdc18e0f7e391365c5aca6a7f0b5c1f67e4b43cd99..:x0n3-h4ck Italian Security Team:..
/*Advisories*\
*/
Application: SD Server
Url Vendor: http://www.gdsoftware.dk/
Version: <= 4.0.70
Platforms: Windows
Bug: Directory Traversal
Exploitation: Remote
Author: CorryL
Email Author: corryl80@gmail.com
Url Author: www.x0n3-h4ck.org
*\
{Description}
The SD Server is a easy http server, A remote user can obtain files on the
system that are located outside of
the web document directory.
{Bug}
http://victimhost/../../../windows/repair/sam
A remote user succeeds to read the file sam of the system where to be in
execution SD Server.
{Vendor Status}
20/02/2005 Vendor notification
20/02/2005 Vendor response
21/02/2005 Vendor Fix the Bug
{Fix}
In version 4.0.0.72
http://www.gdsoftware.dk/dl_file.asp?link=SDServer 4.0.0.72.zip
CorryL
corryl80@gmail.com
www.x0n3-h4ck.org
Italian Security Team
_________________________________
www.seekstat.it is your web stat
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed