TUCoPS :: Web :: General :: web5206.htm

PCI Netsupport Manager web interface direcory traversal and file download
25th Mar 2002 [SBWID-5206]
COMMAND

	PCI  Netsupport  Manager  web  interface  direcory  traversal  and  file
	download

SYSTEMS AFFECTED

	PCI Netsupport Manager up to version 7

PROBLEM

	Watcher60 sposted :
	

	It is possible to view  and  download  files  on  machines  running  PCI
	Netsupport Manager (all version up to 7) that have  the  web  extensions
	switched on (default port 80).
	

	Example on a standard version 5.5 install (location c:\\nsm) the URL  to
	view the boot.ini file in the root would be:
	

	http://machinename:relevant_port/../boot.ini

	

	version 6 +:
	

	http://machinename:relevant_port/../../boot.ini

	

SOLUTION

	This bug is fixed in version 7 onwards

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH