MetaProducts Offline Explorer Directory Traversal Vulnerability

MetaProducts Offline Explorer is an application that allows a user to download the contents of a website or FTP site for offline browsing at a later time.

It is possible to view known files on a system Offline Explorer resides on. By default, Offline Explorer listens on port 800. A remote user may retrieve the contents of known files without any authorization whatsoever by performing a GET request and implementing the double dot "../..\" directory traversal technique.

Eg.

http://target:800/../..\


 

Privacy Statement
Copyright 2010, SecurityFocus