5 lines
No EOL
542 B
Text
5 lines
No EOL
542 B
Text
source: http://www.securityfocus.com/bid/6055/info
|
|
|
|
A vulnerability exists in Mailreader.com which may enable remote attackers to disclose the contents of arbitrary webserver readable files. An attacker may exploit this issue by submitting a malicious web request containing dot-dot-slash (../) directory traversal sequences. The request must be for a known resource, and the file request must be appended by a null byte (%00).
|
|
|
|
http://www.example.com/cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00 |