Ads Directory traversal - WinAce Archiver v2.6 Saturday, 25 February 2006 WinAce Archiver v2.6 Directory traversal ACE Cmpression Software & e-merge GmbH http://www.winace.com Credit: The information has been provided by Hamid Ebadi ( Hamid Network Security Team) : This email address is being protected from spam bots, you need Javascript enabled to view it The original article can be found at : http://hamid.ir/security Vulnerable Systems: WinAce Archiver v2.6 and Below Detail : Directory traversal while extracting (.RAR),(.TAR) What is Directory traversal in archivers? that allowed one to create malicous archive files, which would overwrite system files or place dangerous files in defined directory(example :shell.php in wwwroot directory) This could be abused by sending an archive to a local user who would unzip / untar an archive, the archive would then be able to overwrite any file to which the user has write permissions, thus it could also be abused if a system ran som antivirus software which automatically opened archive files. harmless exploit: use HEAP [Hamid Evil Archive Pack] you can find it from Hamid Network Security Team: http://www.hamid.ir/tools/ want to know more ? http://www.hamid.ir/paper   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.