7 lines
No EOL
553 B
Text
7 lines
No EOL
553 B
Text
source: https://www.securityfocus.com/bid/2512/info
|
|
|
|
Clipper is a headline-gathering tool from Anaconda! Partners which, in certain versions, is vulnerable to directory traversal attacks.
|
|
|
|
By including '/../' sequences in requested URLs, an attacker can cause the retrieval of arbitrary files, compromising the privacy of user data and potentially obtaining information which could be used to further compromise the host's security.
|
|
|
|
http://www.target.com/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../../../../../../../../../etc/passwd |