Carey Internets Services Commerce.cgi Directory Traversal Vulnerability

It is possible for a remote user to gain read access to directories and files outside the root directory of Carey Internet Services Commerce.cgi. Requesting a specially crafted URL composed of '/../%00' along with the known filename or directory will disclose the requested resource.


 

Privacy Statement
Copyright 2010, SecurityFocus