Aprox Portal 3.x Directory Traversal 2.0
 
Plugin ID: 185
Plugin name: Aprox Portal 3.x Directory Traversal
Plugin filename: Aprox Portal 3.x Directory Traversal.plugin
Plugin filesize: 3026 bytes
Plugin family: CGI
Plugin created name: Nico 'Triplex' Spicher
Plugin created email: Triplex at IT-Helpnet dot de
Plugin created web: http://triplex.it-helpnet.de/
Plugin created company: http://www.it-helpnet.de/
Plugin created date: 2004/09/07
Plugin updated name: Marc Ruef
Plugin updated email: marc dot ruef at computec dot ch
Plugin updated web: http://www.computec.ch
Plugin updated company: computec.ch
Plugin updated date: 2004/11/14
Plugin version: 2.0
Plugin changelog: Made some slight modifications in version 1.1. Corrected the plugin structure and added the accuracy values in 1.2. Improved the pattern matching and introduced the plugin changelog in 2.0
Plugin protocol: tcp
Plugin port: 80
Plugin procedure detection: open|send GET /index.php?show=./mailing/admin_mail.php HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/1.[0-1] 200 *
Plugin detection accuracy: 90
Plugin comment: This plugin was written with the ATK-Plugin-Creator [http://triplex.it-helpnet.de].
Bug published name: Nico 'Triplex' Spicher
Bug published email: Triplex@IT-Helpnet.de
Bug published web: http://triplex.it-helpnet.de
Bug published company: http://www.it-helpnet.de
Bug published date: 2004/02/08
Bug advisory: http://www.it-helpnet.de/bugless/bugs.php?mode=show&id=12
Bug produced name: Aprox
Bug produced email: info at aprox dot de
Bug produced web: http://www.aprox.de
Bug affected: Aprox Portal 3.x
Bug not affected: The vendor has stated that the vulnerabilities will be fixed in an upcoming version 4.x
Bug vulnerability class: Directory Traversal
Bug description: This CMS contains a Directory Traversal Vulnerability that allows everyone to get administrator-rights.
Bug fixing time: Approx. 30 minutes
Bug exploit availability: Yes
Bug remote: Yes
Bug local: Yes
Bug severity: High
Bug popularity: 4
Bug simplicity: 8
Bug impact: 7
Bug risk: 5
Source Literature: Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X
Source Misc.: http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.