W3Mail 1.0.6 File Disclosure Vulnerability

2002-11-12T00:00:00
ID EDB-ID:22015
Type exploitdb
Reporter Tim Brown
Modified 2002-11-12T00:00:00

Description

W3Mail 1.0.6 File Disclosure Vulnerability. CVE-2002-2399. Webapps exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/6170/info

Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to the open() function as the filename argument without being sanitized. Attackers may cause any file on the filesystem to open by specifying its relative path using directory traversal characters. 

viewAttachment.cgi?file=../../../../../etc/passwd