5 lines
No EOL
557 B
Text
Executable file
5 lines
No EOL
557 B
Text
Executable file
source: http://www.securityfocus.com/bid/7125/info
|
|
|
|
Kebi Academy 2001 does not sufficiently validate input supplied via URI parameters. As a result it has been reported that it is possible to retrieve arbitrary files which are readable by the web server. It has also been reported that it is possible to upload malicious files to the server. This could result in disclosure of sensitive information or execution of arbitrary commands in the context of the web server.
|
|
|
|
http://www.example.com/k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor |