Sitebuilder 'sitebuilder.cgi' Directory Traversal File Disclosure Vulnerability

info
discussion
exploit
solution
references

Sitebuilder 'sitebuilder.cgi' Directory Traversal File Disclosure Vulnerability

Sitebuilder is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of system files. The problem occurs due to the application failing to parse user-supplied input for directory traversal sequences (../) supplied to the 'sitebuilder.cgi' script, thus making it possible to access files outside of the established web root.