etype eserv 2.50 - Directory Traversal

EDB-ID:

19601


Author:

Ussr Labs

Type:

remote


Platform:

Windows

Date:

1999-11-04


source: https://www.securityfocus.com/bid/773/info

Etype's Eserv product is designed to be a one-source internet connectivity solution, incorporating mail, web, ftp, and proxy servers into one package. The web server will allow remote browsing of the entire filesystem by the usage of ../ strings in the URL. This gives an attacker read access to every file on the server's filesystem that the webserver has access to. 

http://victim.com/../../../autoexec.bat