Carey Internets Services Commerce.cgi Directory Traversal Vulnerability

info
discussion
exploit
solution
references

Carey Internets Services Commerce.cgi Directory Traversal Vulnerability

It is possible for a remote user to gain read access to directories and files outside the root directory of Carey Internet Services Commerce.cgi. Requesting a specially crafted URL composed of '/../%00' along with the known filename or directory will disclose the requested resource.