header-logo
Suggest Exploit
vendor:
WinIPDS
by:
7.5
CVSS
HIGH
Directory Traversal, Denial-of-Service
22
CWE
Product Name: WinIPDS
Affected Version From: 3.3 rev. G52-33-021
Affected Version To: 3.3 rev. G52-33-021
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

WinIPDS Directory Traversal and Denial-of-Service Vulnerabilities

The directory traversal vulnerability in WinIPDS allows an attacker to gain access to sensitive information by manipulating directory paths. The denial-of-service vulnerability allows an attacker to crash the application, denying service to legitimate users. The vulnerabilities can be exploited by sending specially crafted GET or POST requests with manipulated directory paths.

Mitigation:

Update to the latest version of WinIPDS to fix these vulnerabilities. Restrict access to the affected application from untrusted sources. Implement input validation to prevent directory traversal attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/27757/info

WinIPDS is prone to a directory-traversal vulnerability and a denial-of-service vulnerability.

Exploiting these issues will allow attackers to gain to sensitive information or crash the affected application, denying further service to legitimate users.

These issues affect WinIPDS 3.3 rev. G52-33-021; prior versions may also be affected. 

GET /../../../../../boot.ini HTTP/1.0
or
POST /..\../..\../..\boot.ini HTTP/1.0

Navigation

Suggest Exploit

Services By CQR