vendor: Personal Video Station
by: SecurityFocus
CVSS: 7.5 HIGH
CWE: 22 (Directory Traversal)
Product Name: Personal Video Station
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002
Snapstream Personal Video Station Directory Traversal Vulnerability
Snapstream Personal Video Station is prone to attacks which allow a remote user to break out of the wwwroot and browse the filesystem at large. The remote attacker may accomplish this by crafting a web request which uses '../' sequences to traverse directories and access arbitrary web-readable files. If exploited in conjunction with Bugtraq ID 3101, a remote attacker can gain the administrative password for Snapstream.
Mitigation:
Ensure that web requests are properly sanitized and validated before being processed.
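
The containment check a web server on Windows needs before serving a file, shown as an added example (not code from the advisory or from SnapStream). The wwwroot path and the function name are assumptions, and the request paths are constructed for illustration.

```python
import ntpath
from urllib.parse import unquote

# Hypothetical install location; the advisory does not give the real path.
WWWROOT = r"C:\pvs\wwwroot"


def resolve_under_wwwroot(url_path, wwwroot=WWWROOT):
    """Map a request path to a file path, or return None if it would
    leave wwwroot. Purely lexical: links/junctions are not resolved."""
    # Drop query string and fragment, then percent-decode exactly once.
    path = url_path.split("?", 1)[0].split("#", 1)[0]
    decoded = unquote(path)
    # Conservative: refuse NUL bytes and anything still percent-encoded
    # (double encoding), rather than decoding a second time later.
    if "\x00" in decoded or "%" in decoded:
        return None
    # Windows accepts both '/' and '\' as separators.
    rel = decoded.replace("/", "\\").lstrip("\\")
    # A colon would introduce a drive letter or an alternate data stream.
    if ":" in rel:
        return None
    root = ntpath.normpath(wwwroot)
    # normpath collapses '..' and '.' components after the join.
    candidate = ntpath.normpath(ntpath.join(root, rel))
    # Case-insensitive containment check on a separator boundary, so
    # C:\pvs\wwwroot_backup does not pass as being inside C:\pvs\wwwroot.
    root_cmp = ntpath.normcase(root)
    cand_cmp = ntpath.normcase(candidate)
    if cand_cmp != root_cmp and not cand_cmp.startswith(root_cmp + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request paths, not taken from the advisory.
    for p in ["/index.html", "/images/../index.html", "/../../outside.txt",
              "/..%5c..%5coutside.txt", "/../wwwroot_backup/x.txt"]:
        print(p, "->", resolve_under_wwwroot(p))
```

The check is made on the fully decoded, normalized path rather than by searching the raw request for '../', which is why the backslash and percent-encoded forms are rejected by the same comparison.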