- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21030
- Проверка EDB
-
- Пройдено
- Автор
- JOHN@INTERROREM.COM
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2001-1108
- Дата публикации
- 2001-07-26
Код:
source: https://www.securityfocus.com/bid/3100/info
Snapstream Personal Video Station is an application for Microsoft Windows which allows users to record video output on their PC and view it at a later time, locally or via an HTTP interface. The Snapstream PVS web interface runs on port 8129.
Snapstream PVS is prone to attacks which allow a remote user to break out of the wwwroot and browse the filesystem at large. The remote attacker may accomplish this by crafting a web request which uses '../' sequences to traverse directories and access arbitrary web-readable files.
The impact of exploiting this vulnerability is that confidential information may be disclosed to the attacker and follow-up attacks against the host may occur.
If exploited conjunction with Bugtraq ID 3101, a remote attacker can gain the administrative password for Snapstream.
http://home.victim.com:8080/../../../../autoexec.bat
http://home.victim.com:8080/../../../winnt/repair/sam- Источник
- www.exploit-db.com
