CVE-2006-5596

AEP Smartgate 4.3b - Directory Traversal via HTTP GET Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5596. PoCs published by prdelka.

AI-analyzed exploit summary This exploit leverages a directory traversal vulnerability in AEP Smartgate's SSL server to download arbitrary files. It constructs a malicious HTTP GET request with traversal sequences to access files outside the web root.

Description

Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request.

Exploits (1)

exploitdb WORKING POC VERIFIED

by prdelka · cremotewindows

https://www.exploit-db.com/exploits/2637

View Code ZIP pw:eip

This exploit leverages a directory traversal vulnerability in AEP Smartgate's SSL server to download arbitrary files. It constructs a malicious HTTP GET request with traversal sequences to access files outside the web root.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: AEP Smartgate V4.3B

No auth needed

Prerequisites: Network access to the target's SSL port (default 443) · OpenSSL library for SSL/TLS communication

MITRE ATT&CK