6 lines
No EOL
336 B
Text
6 lines
No EOL
336 B
Text
source: http://www.securityfocus.com/bid/1462/info
|
|
|
|
The HTTP interface for WorldClient 2.1 is vulnerable to a directory traversal. By requesting a URL composed of the filename and ..\ it is possible for a remote user to retrieve and dowload any file of known location.
|
|
|
|
Example:
|
|
http://email.victim.com/..\..\..\winnt\repair\sam._ |