5 lines
No EOL
501 B
Text
5 lines
No EOL
501 B
Text
source: https://www.securityfocus.com/bid/2025/info
|
|
|
|
Novell NetWare Web Server 2.x versions came with a CGI written in BASIC called convert.bas. This script allows retrieval of files outside of the normal web server context. This can be accomplished simply by submitting the filename and path as a parameter to the script, using relative paths (../../) to traverse directories. Access may or may not be limited to the SYS: volume.
|
|
|
|
http://targethost/scripts/convert.bas?../../anything/you/want/to/view |