|
Family: CGI abuses --> Category: infos
Interactive Story Directory Traversal Vulnerability Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of /cgi-bin/story.pl
Detailed Explanation for this Vulnerability Test
It is possible to read arbitrary files on
the remote server by requesting :
GET /cgi-bin/story.pl?next=../../../file_to_read%00
A possible hacker may use this flaw to read arbitrary files on
this server.
Solution: Upgrade story.pl to the latest version (1.4 or later).
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|