7 lines
No EOL
477 B
Text
7 lines
No EOL
477 B
Text
source: http://www.securityfocus.com/bid/1772/info
|
|
|
|
Master Index is a commercially supported search engine. Certain versions of this software ship with a path traversal vulnerability. This is to say that a remote user may 'back out' (.../) of the web root directory and view/download any file which the user who is running Master Index has permission to read.
|
|
|
|
Example:
|
|
|
|
http://www.target.com/cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../.. ../../etc |