Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0

[EMAIL PROTECTED] wrote: > http://www.safenet-inc.com/support/tech/sentinel.asp# Yes I got the files from there. You can see the changing of the version from the Version tab in the properties of the executables. The version change from 7.4.0.0 for Protection and 1.0.3.0 for the Keys server to 7.4

Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0

Thanks for the info, I'll try it somemore. Take Care --John -- Original message -- From: Luigi Auriemma <[EMAIL PROTECTED]> > [EMAIL PROTECTED] wrote: > > Interresting, how are you running the Get command? Is safenet > > installed on a workstation or server? >

Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0

Were did you get version SafeNet Sentinel Protection and Key Server 7.4.1.0? All i see on the website is 7.4.0, and after I install the patch and reboot, it still shows as version 7.4.0. http://www.safenet-inc.com/support/tech/sentinel.asp# Thanks --John -- Original message --

Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0

[EMAIL PROTECTED] wrote: > Interresting, how are you running the Get command? Is safenet > installed on a workstation or server? Here I have Windows XP Pro SP2. All the tests have been made using the raw GET request as I reported in my advisory using netcat because the browsers usually modify the

Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0

Interresting, how are you running the Get command? Is safenet installed on a workstation or server? --John -- Original message -- From: Luigi Auriemma <[EMAIL PROTECTED]> > [EMAIL PROTECTED] wrote: > > Hello everyone, was the server rebooted after the patch was i

Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0

[EMAIL PROTECTED] wrote: > Hello everyone, was the server rebooted after the patch was installed? Naturally, in fact before the patch I was able to exploit the directory traversal with both slash and backslash while after having applied the fix only when I use the backslash. I have also uninstall

Re: [Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0

Hello everyone, was the server rebooted after the patch was installed? I just setup a SafeNet Sentinel Protection Server SafeNet Sentinel Keys Server 7.4 and the exploit worked. Once I isntalled the patch, and rebooted, when I try to run the exploit the server repsonds with "The Page Cannot

[Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0

### Luigi Auriemma Application: SafeNet Sentinel Protection Server SafeNet Sentinel Keys Server http://www.safenet-inc.com Versions: <= 7.4.1.0 (aka SPI740SecurityPat