Family: CGI abuses --> Category: infos
Home Free search.cgi directory traversal Vulnerability Scan
Vulnerability Scan Summary: Attempts GET /cgi-bin/search.cgi?\\..\\..\\file.txt
Detailed Explanation for this Vulnerability Test
It is possible to read arbitrary files on the remote server by requesting:
GET /cgi-bin/search.cgi?letter=\\..\\..\\.....\\file_to_read
An attacker may use this flaw to read arbitrary files on this server.
Solution: Remove this CGI from /cgi-bin
Bugtraq ID: 921
Threat Level: High