https://www.exploit-db.com/exploits/19537
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199910-009

TeamTrackweb服务器存在漏洞。远程攻击者借助..(点点）攻击读取任意文件。

source: http://www.securityfocus.com/bid/689/info

TeamTrack 3.00 has a built-in webserver which is meant to be used during the evaluation period, or until IIS or Netscape Enterprise/FastTrack is installed. This server does not filter out requested paths containing the ../ sequence. Because of this, an attacker can specify a file outside of the normal web file structure. The name and relative path (from the web root) of the file must be known by the attacker.

Requesting the following URL from the TeamTrack server will display the contents of the target's SAM file: (NT only)
http ://target.com/../../../../../winnt/repair/sam._

来源:BID
名称:689
链接:http://www.securityfocus.com/bid/689
来源:OSVDB
名称:1096
链接:http://www.osvdb.org/1096