- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 23613
- Проверка EDB
-
- Пройдено
- Автор
- ZONE-H SECURITY TEAM
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- cve-2004-2127
- Дата публикации
- 2004-01-20
Код:
source: https://www.securityfocus.com/bid/9517/info
Web Blog is prone to a file disclosure vulnerability. Remote attackers may gain access to files on the system hosting the server that reside outside of the server root by submitting a malicious request that contains directory traversal sequences. This would permit the attacker to access files that are readable by the server and could disclose sensitive information.
http://www.example.com/directory/blog.cgi?submit=ViewFile&month=[month]&year=[year]&file=/../../../../../../../../../../../../../../../../etc/passwd- Источник
- www.exploit-db.com
