6 lines
No EOL
331 B
Text
6 lines
No EOL
331 B
Text
source: https://www.securityfocus.com/bid/1462/info
|
|
|
|
The HTTP interface for WorldClient 2.1 is vulnerable to a directory traversal. By requesting a URL composed of the filename and ..\ it is possible for a remote user to retrieve and dowload any file of known location.
|
|
|
|
Example:
|
|
http://email.victim.com/..\..\..\winnt\repair\sam._ |