CVE-2006-1771

SAXoTECH SAXoPRESS - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1771. PoCs published by SecuriTeam.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in SAXoPRESS, allowing an attacker to retrieve arbitrary files from the system by manipulating the 'url' parameter in the 'pbcs.dll' endpoint.

Description

Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXoPRESS, aka Saxotech Online (formerly Publicus) allows remote attackers to read arbitrary files and possibly execute arbitrary programs via a .. (dot dot) in the url parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SecuriTeam · textremotewindows

https://www.exploit-db.com/exploits/27627

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in SAXoPRESS, allowing an attacker to retrieve arbitrary files from the system by manipulating the 'url' parameter in the 'pbcs.dll' endpoint.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SAXoPRESS (version not specified)

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK