source: https://www.securityfocus.com/bid/7828/info
ImageFolio 'admin.cgi' has been reported prone to a directory traversal vulnerability.
By supplying directory traversal sequences as a URI parameter to the 'admin.cgi' script, an attacker may break out of the web root directory.
Successful exploitation may expose sensitive information to remote attackers. This information could be used to aid in further attacks against the affected system.
http://www.samplesite.com/cgi-bin/imagefolio/admin/admin.cgi?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/
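
A containment check for the 'category' parameter described above, as an added example that is not part of the original advisory or ImageFolio's own code. It decodes the value, normalises it against an assumed gallery root, and rejects anything that resolves outside that root; GALLERY_ROOT, resolve_category and check_request are hypothetical names.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed gallery root; the advisory does not give ImageFolio's real paths.
GALLERY_ROOT = "/var/www/imagefolio/gallery"

# First URL is the request quoted in the advisory; the others are constructed samples.
SAMPLE_URLS = [
    "http://www.samplesite.com/cgi-bin/imagefolio/admin/admin.cgi?cgi=remove.pl"
    "&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/",
    "http://www.samplesite.com/cgi-bin/imagefolio/admin/admin.cgi?cgi=remove.pl"
    "&uid=111.111.111.111&rmstep=2&category=Nature/Birds",
    "http://www.samplesite.com/cgi-bin/imagefolio/admin/admin.cgi?cgi=remove.pl"
    "&uid=111.111.111.111&rmstep=2&category=%252e%252e%252f%252e%252e%252f"
    "%252e%252e%252f%252e%252e%252f%252e%252e%252fetc",
]


def resolve_category(category, root=GALLERY_ROOT):
    """Return the normalised path for category, or None if it leaves root."""
    # Decode until stable so double-encoded sequences (%252e%252e) are caught.
    prev = None
    while prev != category:
        prev, category = category, unquote(category)
    if "\x00" in category:
        return None  # NUL bytes truncate paths in C-backed file APIs
    category = category.replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(root, category))
    # join() drops root for an absolute category; the prefix test rejects that too.
    # String normalisation ignores symlinks: on a live filesystem, compare
    # os.path.realpath() results instead.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def check_request(url, root=GALLERY_ROOT):
    """Return [(raw_category, resolved_path_or_None)] for one request URL."""
    values = parse_qs(urlsplit(url).query).get("category", [])
    return [(value, resolve_category(value, root)) for value in values]


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        for raw, resolved in check_request(url):
            print("REJECT" if resolved is None else "ALLOW ", repr(raw), "->", resolved)
```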