source: http://www.securityfocus.com/bid/689/info TeamTrack 3.00 has a built-in webserver which is meant to be used during the evaluation period, or until IIS or Netscape Enterprise/FastTrack is installed. This server does not filter out requested paths containing the ../ sequence. Because of this, an attacker can specify a file outside of the normal web file structure. The name and relative path (from the web root) of the file must be known by the attacker. Requesting the following URL from the TeamTrack server will display the contents of the target's SAM file: (NT only) http ://target.com/../../../../../winnt/repair/sam._
Related Exploits
Trying to match CVEs (1): CVE-1999-0933Trying to match OSVDBs (1): 1096
Other Possible E-DB Search Terms: teamshare teamtrack 3.0, teamshare teamtrack
Date | D | V | Title | Author | No matches |
---|