Saturday July 31, 2010
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 XMB Forums Multiple Vulnerabilities
  3 Multiple Invision Power Board Vulnerabilities
  4 Mambo Multiple Vulnerabilities
  5 MySQL Eventum Multiple Vulnerabilities
  6 Gallery 2 Multiple Vulnerabilities
  7 Geeklog Remote Code Execution
  8 RunCMS Multiple Vulnerabilities
  9 Kayako LiveResponse Multiple Vulnerabilities
10 phpRPC Library Remote Code Execution
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Research Services About Contact
Keene Digital Media Server Directory Traversal
August 25, 2004
Vendor : Keene Software
URL : http://www.keenesoftware.com
Version : Keene Digital Media Server 1.0.2
Risk : Directory Traversal Vulnerability
BID : http://www.securityfocus.com/bid/11057


Description:
Keene Digital Media Server is an easy and affordable way to share all things digital with friends, family, and customers over your broadband connection. DMS turns your computer into a highly secure Web server that automatically converts your files and folders into Web pages, thumbnails, and media shows with no Web programming required. Integrated user and file access security management provide the ultimate control over your content.


Directory Traversal Vulnerability:
Not too long ago i saw there was a directory traversal vuln found in Keene Digital Media Server. it was fixed by the developers, but

http://localhost/%2E%2E%5Csystem.log

It seems that only ../ and %2E%2E/ were filtered out. If you hex encode the backslash or use a forward slash you can then traverse out of the web directory. For example I am able to grab the server log file with the above request.


Solution:
I contacted the developers but never received a response.


Credits:
James Bercegay of the GulfTech Security Research Team.

Terms of Use | Disclaimer
Copyright 2010 GulfTech Research And Development, LLC. All Rights Reserved