Friday September 21, 2021
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 Mambo Multiple Vulnerabilities
  4 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  5 MySQL Eventum Multiple Vulnerabilities
  6 Woltlab Burning Board SQL Injection Vulnerability
  7 Geeklog Remote Code Execution
  8 PEAR XML_RPC Library Remote Code Execution
  9 Gallery 2 Multiple Vulnerabilities
10 eBay And Amazon Still Vulnerable
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Archives Research
Keene Digital Media Server Directory Traversal
August 25, 2021
Vendor : Keene Software
URL : http://www.keenesoftware.com
Version : Keene Digital Media Server 1.0.2
Risk : Directory Traversal Vulnerability
BID : http://www.securityfocus.com/bid/11057


Description:
Keene Digital Media Server is an easy and affordable way to share all things digital with friends, family, and customers over your broadband connection. DMS turns your computer into a highly secure Web server that automatically converts your files and folders into Web pages, thumbnails, and media shows with no Web programming required. Integrated user and file access security management provide the ultimate control over your content.


Directory Traversal Vulnerability:
Not too long ago i saw there was a directory traversal vuln found in Keene Digital Media Server. it was fixed by the developers, but

http://localhost/%2E%2E%5Csystem.log

It seems that only ../ and %2E%2E/ were filtered out. If you hex encode the backslash or use a forward slash you can then traverse out of the web directory. For example I am able to grab the server log file with the above request.


Solution:
I contacted the developers but never received a response.


Credits:
James Bercegay of the GulfTech Security Research Team.