Vendor: Offline Explorer
By:
CVSS: 5 (MEDIUM)
Type: Directory Traversal
CWE: 22
Product Name: Offline Explorer
Affected Version From: All versions of MetaProducts Offline Explorer
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows

Directory Traversal Vulnerability in MetaProducts Offline Explorer

A directory traversal vulnerability in MetaProducts Offline Explorer allows remote attackers to view known files on the system by sending a GET request that uses the double dot "../.." directory traversal technique.

Mitigation:

It is recommended to update to the latest version of MetaProducts Offline Explorer to mitigate this vulnerability. Additionally, restricting network access to the application's port (800) can also help in preventing unauthorized access.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1231/info

MetaProducts Offline Explorer is an application that allows a user to download the contents of a website or FTP site for offline browsing at a later time.

It is possible to view known files on the system on which Offline Explorer resides. By default, Offline Explorer listens on port 800. A remote user may retrieve the contents of known files without any authorization whatsoever by performing a GET request that uses the double dot "../..\" directory traversal technique.

E.g.

http://target:800/../..\