Family: Remote file access --> Category: infos
Boa file retrieval Vulnerability Scan
Vulnerability Scan Summary: Boa file retrieval
Detailed Explanation for this Vulnerability Test
The remote Boa server allows an attacker to read arbitrary files on the remote web server by prefixing the pathname of the file with hex-encoded ../../.. sequences.
Example:
GET /%2e%2e/%2e%2e/%2e%2e/etc/passwd
will return /etc/passwd.
Solution: upgrade to a later version of the server found at http://www.boa.org
Threat Level: High
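
Why the hex-encoded form gets through, shown from the defender's side as an added example (not Boa's code and not part of the original scan description). It assumes the flaw is a `..` check made before percent-decoding, which the page does not state; all function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Decode %XX escapes once. Returns 0, or -1 on a malformed/NUL escape or overflow. */
static int url_decode(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    for (size_t i = 0; in[i]; i++) {
        unsigned int c = (unsigned char)in[i];
        if (c == '%') {
            if (!isxdigit((unsigned char)in[i + 1]) || !isxdigit((unsigned char)in[i + 2]))
                return -1;
            sscanf(in + i + 1, "%2x", &c);
            i += 2;
        }
        if (c == 0 || o + 1 >= outlen) return -1;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* True if any '/'-separated segment is exactly "..". */
static int has_dotdot(const char *p) {
    for (; *p; p += strcspn(p, "/")) {
        while (*p == '/') p++;
        if (!strncmp(p, "..", 2) && (p[2] == '/' || p[2] == '\0')) return 1;
    }
    return 0;
}

/* Flawed order (assumed): the check runs on the raw path and sees "%2e%2e", not "..". */
int accept_check_then_decode(const char *raw, char *path, size_t len) {
    if (has_dotdot(raw)) return 0;
    return url_decode(raw, path, len) == 0;
}

/* Hardened order: decode first, then validate the path that will reach the filesystem. */
int accept_decode_then_check(const char *raw, char *path, size_t len) {
    if (url_decode(raw, path, len) != 0) return 0;
    return path[0] == '/' && !has_dotdot(path);
}

int main(void) {
    const char *req = "/%2e%2e/%2e%2e/%2e%2e/etc/passwd"; /* request path from the page */
    char path[256];
    printf("check-then-decode accepts: %d\n", accept_check_then_decode(req, path, sizeof path));
    printf("decode-then-check accepts: %d\n", accept_decode_then_check(req, path, sizeof path));
    return 0;
}
```

The same decode-then-validate ordering is what a log or WAF rule needs: match on the decoded path, not the raw request line.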