7 lines
No EOL
650 B
Text
7 lines
No EOL
650 B
Text
source: http://www.securityfocus.com/bid/5029/info
|
|
|
|
My Postcards is a commercial available eletronic postcard system. It is available for Unix and Linux Operating Systems.
|
|
|
|
The magiccard.cgi script does not properly handle some types of input. As a result, it may be possible for a remote user to specify the location of a specific file on the system hosting the My Postcards software. Upon specifying the location of a file that is readable by the web server process, the user could disclose the contents of the specified file.
|
|
|
|
http://www.example.com/cgi-bin/magiccard.cgi?pa=preview&next=custom&page=../../../../../../../../../../etc/passwd |