https://www.exploit-db.com/exploits/20234
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200012-037

ExtentRBSISPweb服务器存在目录遍历漏洞。远程攻击者借助对Image参数的..(点点)攻击读取敏感信息。

source: http://www.securityfocus.com/bid/1704/info

A remote user is capable of gaining read access to any file residing in the same directory of a host running Extent RBS ISP through directory traversal. Appending '../' to the 'image' variable request on port 8002 will enable a user to read any available file includeing credit card details, username, password etc.

For example:

http://target:8002/Newuser?Image=../../database/rbsserv.mdb

来源:XF
名称:rbs-isp-directory-traversal
链接:http://xforce.iss.net/static/5275.php
来源:BID
名称:1704
链接:http://www.securityfocus.com/bid/1704
来源:BUGTRAQ
名称:20000920ExtentRBSdirectoryTransversal.
链接:http://archives.neohapsis.com/archives/bugtraq/2000-09/0252.html