Vendor: SD Server
By: SecurityFocus
CVSS: 8.5 (HIGH)
Type: Directory Traversal
CWE: 22
Product Name: SD Server
Affected Version From: SD Server 1.0
Affected Version To: SD Server 1.0
Patch Exists: YES
Related CWE: CVE-2003-0753
CPE: o:sd_server:sd_server:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2003

A vulnerability has been identified in the handling of certain types of requests by SD Server

SD Server is vulnerable to a directory traversal attack, which allows an attacker to gain access to potentially sensitive system files. This is due to the application's failure to properly sanitize user-supplied input, allowing an attacker to traverse the directory structure by using a '../' sequence in the URL.

Mitigation:

Ensure that user-supplied input is properly sanitized and that access to sensitive system files is restricted.
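
One way to implement the sanitization described above, as an added example (not SD Server's code and not part of the original advisory): the request path is decoded, split into segments, checked for '..', and then confirmed to sit under the document root. `DOC_ROOT`, `TraversalError`, `resolve_request_path` and `is_allowed` are hypothetical names, and the root path is an assumption.

```python
import posixpath
from urllib.parse import unquote, urlsplit

DOC_ROOT = "/srv/www"  # assumed web root; the page does not give SD Server's layout


class TraversalError(ValueError):
    """The request target would resolve outside the document root."""


def resolve_request_path(target, root=DOC_ROOT):
    """Return the path under root that target names, or raise TraversalError."""
    path = urlsplit(target).path
    # Decode until stable so a double-encoded '..' cannot survive this check
    # and then be decoded by a later layer. More than two layers is rejected.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise TraversalError("too many layers of percent-encoding")
    if "\x00" in path:
        raise TraversalError("NUL byte in path")
    # Windows accepts '\' as a separator, so normalise it before splitting.
    segments = [s for s in path.replace("\\", "/").split("/") if s not in ("", ".")]
    if ".." in segments:
        raise TraversalError("'..' segment in request path")
    if any(":" in s for s in segments):
        raise TraversalError("drive letter or stream name in request path")
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    # Containment check as a second line of defence. On a live filesystem,
    # compare os.path.realpath() results so symlinks are resolved first.
    if posixpath.commonpath([root, candidate]) != root:
        raise TraversalError("resolved path escapes the document root")
    return candidate


def is_allowed(target):
    """True if target maps to a path inside DOC_ROOT."""
    try:
        resolve_request_path(target)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one ordinary request and the request form from the advisory.
    for t in ("/docs/readme.txt", "http://www.example.com/../../../windows/repair/sam"):
        print(t, "->", "served" if is_allowed(t) else "rejected")
```

The second half of the mitigation still applies: run the web server process under an account that has no read access to system files, so a missed case in the path check does not expose them.
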
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12609/info

A vulnerability has been identified in the handling of certain types of requests by SD Server. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.

Read privileges granted to these files would be restricted by the permissions of the web server process. 

http://www.example.com/../../../windows/repair/sam