• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sybex E-Trainer Software Relative Path Filtering Directory Traversal Vulnerability

E-Trainer is a commercially available Computer-Based Training (CBT) software package, maintained and distributed by Sybex. It is available for Microsoft Windows 95, 98, NT 4.0, and 2000 platforms.

The Sybex software package does not sufficiently sanitize input. Upon connecting to the web browser, it is possible for a user to supply a string containing relative paths. In doing so, it is possible for a user to view files with the permissions of the HTTP daemon.