BugTraq
Re: [Full-disclosure] Vulnerabilities in Timbuktu Pro 8.6.5 Mar 11 2008 10:29AM
titon bastardlabs com
>####################################
> Luigi Auriemma
>
> Application: Timbuktu Pro Remote Control Software
> [...snip...]
> -------------------------------------
> B] limited upload directory traversal
> -------------------------------------
> [...snip...]
> Currently I have found no ways to bypass this limitation.

Nice find ! But do you realize that this is public since July 07 ?
If not, you may want to read this:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=589

and this
http://www.milw0rm.com/exploits/4455

All you had to do was add as many "\" as you want at the beginning
of the filename string. (i.e "\../../../pwn3d.exe")

Also, to overwrite existing files, try to break the connection
before the final "\xfe", the program will create a notepad2.exe,
but then it will delete the real notepad.exe. After that, all you have
to do is loop again to re-create the file with your own content.

> ======
> 4) Fix
> ======
> No fix

I assume you contacted the vendor before disclosing this ?
http://www.netopia.com/corp/contact_us.html

titon.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus