CGIScript.net CSNews Sensitive File Disclosure Vulnerability

info
discussion
exploit
solution
references

CGIScript.net CSNews Sensitive File Disclosure Vulnerability

A number of sensitive csNews files may be accessed by unauthorized users. Database files may be accessed in this manner, potentially exposing database authentication credentials and other sensitive information.

Metacharacters in requests for database files must be double URL encoded. For example:

default%2edb