• info
• discussion
• exploit
• solution
• references

Baltimore Technologies WEBsweeper Restricted Directory Disclosure Vulnerability

WEBsweeper is an application which implements content security of suspicious filetypes, hidden mailtos, web content, HTTP and FTP transfers, scripts, etc.

Due to a flaw in WEBsweeper, a remote user could gain access to known restricted web directories. Requesting for a known directory along with specially chosen characters, could reveal the contents of the unauthorized directory.