Family: CGI abuses --> Category: attack
FAQManager Arbitrary File Reading Vulnerability Scan
Vulnerability Scan Summary: Tests for FAQManager Arbitrary File Reading Vulnerability
Detailed Explanation for this Vulnerability Test:
FAQManager is a Perl-based CGI for maintaining a list of
frequently asked questions. Due to poor input validation, it is possible to
use this CGI to view arbitrary files on the web server. For example:
http://www.someserver.com/cgi-bin/faqmanager.cgi?toc=/etc/passwd%00
Solution:
A new version of FAQManager is available at:
www.fourteenminutes.com/code/faqmanager/
Threat Level: High