VULHUB ™

A remote user is capable of gaining read access to any file residing in the same directory of a host running Extent RBS ISP through directory traversal. Appending '../' to the 'image' variable request on port 8002 will enable a user to read any available file includeing credit card details, username, password etc. For example: http://target:8002/Newuser?Image=../../database/rbsserv.mdb

A remote user is capable of gaining read access to any file residing in the same directory of a host running Extent RBS ISP through directory traversal. Appending '../' to the 'image' variable request on port 8002 will enable a user to read any available file includeing credit card details, username, password etc. For example: http://target:8002/Newuser?Image=../../database/rbsserv.mdb