https://www.exploit-db.com/exploits/23813
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-427

VocalTecVGW4/8Gateway8.0版本存在漏洞。远程攻击者可以借助到带有拖尾斜杠(/)的home.asp的HTTP请求绕过认证。

source: http://www.securityfocus.com/bid/9876/info

It has been reported that the VGW4/8 Telephony Gateway is prone to a remote authentication bypass vulnerability via its web configuration tool. The problem is due to a design error in the application that allows a user to access configuration pages without prior authentication.

Successful exploitation of this issue may allow a remote attacker to gain control of the affected appliance via its web configuration tool.

http://www.example.com/home.asp/
http://www.example.com/home.asp/../menu.asp

来源:XF
名称:vgw48-gateway-directory-traversal(15476)
链接:http://xforce.iss.net/xforce/xfdb/15476
来源:BUGTRAQ
名称:20040315VocalTecGateway8ReverseDirectoryTransversal+AuthorizationBypass
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107936739131657&w;=2
来源:BID
名称:9876
链接:http://www.securityfocus.com/bid/9876