MetaProducts Offline Explorer File System Disclosure Vulnerability

MetaProducts Offline Explorer is an application that allows a user to download the contents of a website or FTP site for offline browsing at a later time.

It is possible to view the full contents of the directory structure of a system Offline Explorer resides on. By default, Offline Explorer listens on port 800. A remote user may retrieve a directory listing and browse its contents without any authorization whatsoever by issuing a GET request followed by a corresponding physical or logical drive letter.

Eg.

http://target:800/C:/
will reveal a directory listing for drive C.


 

Privacy Statement
Copyright 2010, SecurityFocus