Vendor: TeamTrack
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 22 (Path Traversal)
Product Name: TeamTrack
Affected Version From: 3
Affected Version To: 3
Patch Exists: YES
Related CWE: N/A
CPE: a:teamtrack:teamtrack:3.00
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 2000
TeamTrack 3.00 Path Traversal
TeamTrack 3.00 has a built-in webserver which does not filter out requested paths containing the ../ sequence. This allows an attacker to specify a file outside of the normal web file structure. An attacker can request the SAM file from the TeamTrack server by using the URL http://target.com/../../../../../winnt/repair/sam._
Mitigation:
Filter out requested paths containing the ../ sequence.
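One way to implement this mitigation, as an added example that is not part of the original advisory or of TeamTrack's code: instead of string-matching `../`, it decodes the requested path, resolves it against the document root and rejects anything that lands outside it, which generalizes the filter described above. `WEB_ROOT`, `resolve_request_path`, `is_served` and `PathRejected` are hypothetical names chosen for the illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Hypothetical document root; the advisory does not give TeamTrack's real one.
WEB_ROOT = "/srv/teamtrack/www"


class PathRejected(Exception):
    """Raised when a request resolves outside the document root."""


def resolve_request_path(target, web_root=WEB_ROOT):
    """Map a request target to a file path, or raise PathRejected."""
    # Check the decoded path, because that is the form the file open will use.
    path = unquote(urlsplit(target).path)
    if "\x00" in path:
        raise PathRejected("NUL byte in path")
    # The affected server ran on Windows, where "\" separates segments too.
    path = path.replace("\\", "/")
    root = posixpath.normpath(web_root)
    # Join first, then collapse "." and ".." so the check sees the final path.
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    # On a real filesystem, also resolve symlinks (os.path.realpath) before
    # the comparison below; omitted so the example runs without any files.
    # Compare whole segments: a prefix test would accept "/srv/teamtrack/www-old".
    if posixpath.commonpath([root, candidate]) != root:
        raise PathRejected(f"{target!r} resolves outside {root}")
    return candidate


def is_served(target, web_root=WEB_ROOT):
    """Return True if the request maps to a path inside the document root."""
    try:
        resolve_request_path(target, web_root)
        return True
    except PathRejected:
        return False


if __name__ == "__main__":
    # Constructed sample requests; the second is the URL from the advisory.
    for target in (
        "/docs/../index.html",
        "http://target.com/../../../../../winnt/repair/sam._",
    ):
        print(target, "->", "served" if is_served(target) else "rejected")
```

A request such as `/docs/../index.html` still resolves inside the root and is served, which a blunt substring filter would have refused.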