Family: Remote file access --> Category: infos
AliBaba path climbing Vulnerability Scan
Vulnerability Scan Summary: GET ../../file
Detailed Explanation for this Vulnerability Test
The remote HTTP server allows an attacker to read arbitrary files on the remote web server, simply by adding dots (`../` sequences) in front of the file's name.
Example:
GET /../../winnt/boot.ini
will return your C:\winnt\boot.ini file.
Solution: Upgrade your web server to a version that solves this vulnerability, or consider changing to another web server, such as Apache (http://www.apache.org).
Threat Level: High