header-logo
Suggest Exploit
vendor:
ReGet Deluxe
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: ReGet Deluxe
Affected Version From: ReGet Deluxe 3.0 build 121
Affected Version To: Other versions could be affected as well.
Patch Exists: YES
Related CWE: N/A
CPE: ReGet Deluxe
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

ReGet Directory Traversal Vulnerability

It has been reported that ReGet may be prone to a directory traversal vulnerability that may allow remote attackers to upload files to arbitrary locations on a target system. The attacker may supply encoded directory traversal sequences in the URI parameter so that the requested file is saved outside of the default download directory specified by the user.

Mitigation:

Ensure that user input is properly validated and sanitized before being used in file operations.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9951/info

It has been reported that ReGet may be prone to a directory traversal vulnerability that may allow remote attackers to upload files to arbitrary locations on a target system. The attacker may supply encoded directory traversal sequences in the URI parameter so that the requested file is saved outside of the default download directory specified by the user.

ReGet Deluxe 3.0 build 121 has been reported to be prone to this issue, however, other versions could be affected as well.

/support/download.jsp?filename=..%2F ..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow

Navigation

Suggest Exploit

Services By CQR