TUCoPS :: Windows Apps :: sb6001.htm

Priviledge escalation
20th Feb 2003 [SBWID-6001]
COMMAND

	Priviledge escalation

SYSTEMS AFFECTED

	Windows XP

PROBLEM

	Thanks to Tristan aka Timus [http://www.Security-Corp.org] :
	
	 http://www.security-corp.org/advisories/SCSA-004-FR.txt
	
	A vulnerability was found allowing an user of a  restricted  session  to
	have access to private files belonging to any user of the machine,  also
	the administrators.
	
	
	 EXPLOIT
	 ________________________________________________________________________
	
	The exploit is very simple, it is enough to install a httpd Server  such
	as ŠApache. Put them on the disc where Windows  Microsoft  is  installed
	as resources of the server. Connect you to the following address:
	
	 http://localhost/
	
	The index of the disc thus appears to the screen.  You  can  then  cross
	the directory /documents and  Setting/  and  so  to  reach  the  private
	files.

SOLUTION

	?

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH