Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Keene Digital Media Server Directory Traversal

from [GulfTech Security] Network Security [Permanent Link]
Subject: Keene Digital Media Server Directory Traversal
Date: Wed, 25 Aug 2004 19:54:46 -0500 
##########################################################
# GulfTech Security Research              August, 25th 2004
##########################################################
# Vendor  : Keene Software
# URL     : http://www.keenesoftware.com
# Version : Keene Digital Media Server 1.0.2
# Risk    : Directory Traversal Vulnerability
##########################################################

Description:
Keene Digital Media Server is an easy and affordable way to 
share all things digital with friends, family, and customers 
over your broadband connection. DMS turns your computer into 
a highly secure Web server that automatically converts your 
files and folders into Web pages, thumbnails, and media shows 
with no Web programming required. Integrated user and file 
access security management provide the ultimate control over 
your content.


Directory Traversal Vulnerability:
Not too long ago I saw there was a directory traversal vuln
found in Keene Digital Media Server. it was fixed by the
developers, but

http://localhost/%2E%2E%5Csystem.log

It seems that only ../ and %2E%2E/ were filtered out. If you
hex encode the backslash or use a forward slash you can then
traverse out of the web directory. For example I am able to
grab the server log file with the above request.



Related Info:
The original advisory can be found at the following location
http://www.gulftech.org/?node=research&article_id=00046-08252004



Solution:
I contacted the developers but never received a response.



Credits:
James Bercegay of the GulfTech Security Research Team
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Keene Digital Media Server Directory Traversal, GulfTech Security <=
Previous by Date:  TSL-2004-0043 - multi, Trustix Security Advisor
Next by Date:  Gaucho v1.4 Build 145 Buffer Overflow, Jirtme
Previous by Thread:  TSL-2004-0043 - multi, Trustix Security Advisor
Next by Thread:  Gaucho v1.4 Build 145 Buffer Overflow, Jirtme
Indexes:  [Date] [Thread] [Top] [All Lists]