15 lines
No EOL
798 B
Text
15 lines
No EOL
798 B
Text
source: https://www.securityfocus.com/bid/6091/info
|
|
|
|
A vulnerability has been discovered in ION Script.
|
|
|
|
By sending a malicious HTTP request to a webserver running the vulnerable ION Script package, it is possible for a remote attacker to disclose arbitrary webserver readable files. As webservers are often run with high privileges, it may be possible to disclose sensitive system files.
|
|
|
|
Exploiting this issue may allow an attacker to gain information required to launch further attacks against the target system.
|
|
|
|
ION Script for UNIX has also been confirmed vulnerable to this issue.
|
|
|
|
It is not yet known which ION Script packages are vulnerable to this issue.
|
|
|
|
http://www.example.com/cgi-bin/ion-p.exe?page=c:\winnt\repair\sam
|
|
|
|
http://www.example.com/cgi-bin/ion-p?page=../../../../../etc/hosts |