Way to the Web TalkBack.cgi Directory Traversal Vulnerability

TalkBack is a CGI script written by Way to the Web that allows website administrators to facilitate user feedback.

A vulnerability exists in talkback.cgi which can allow a remote user to traverse the filesystem of a target host. This may lead to the disclosure of possibly sensitive file contents.

Files and directories can be accessed by using double-dot ('../') sequences together with a relative path to a known resource.

The content that can be disclosed depends on the privilege level of the user the server is running under.

This attack may lead to the disclosure of sensitive information and may aid future attacks.
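
The class of flaw described above, next to a containment check that blocks it. This is an added example, not code from TalkBack or from this advisory; the function names, directory layout and file names are constructed for illustration, and a POSIX filesystem is assumed.

```python
import os
import tempfile

def naive_resolve(base_dir, requested):
    # Vulnerable pattern: the request value is joined unchecked, so '../'
    # segments (or an absolute path) escape base_dir.
    return os.path.normpath(os.path.join(base_dir, requested))

def safe_resolve(base_dir, requested):
    """Return the canonical path if it stays under base_dir, else None.
    Call this on the value after URL-decoding."""
    if "\x00" in requested:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses '..' and follows symlinks before the containment test
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

def demo():
    # Constructed layout: <root>/data/feedback is the only directory to serve
    root = os.path.realpath(tempfile.mkdtemp())
    base = os.path.join(root, "data", "feedback")
    os.makedirs(base)
    for path in (os.path.join(base, "post1.txt"), os.path.join(root, "secret.txt")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    # A symlink inside the served directory that points outside it
    os.symlink(os.path.join(root, "secret.txt"), os.path.join(base, "link.txt"))
    requests = ["post1.txt", "sub/../post1.txt", "../../secret.txt",
                "/etc/passwd", "link.txt"]
    return root, base, {r: (naive_resolve(base, r), safe_resolve(base, r))
                        for r in requests}

if __name__ == "__main__":
    root, base, results = demo()
    for req, (naive, safe) in results.items():
        print(f"{req!r:22} naive={naive}  safe={safe}")
```

Running the server process under a low-privilege account limits what any remaining traversal can read, in line with the privilege-level point above.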


 

Copyright 2010, SecurityFocus