Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbJerome AthiasEDB-ID:24408
HistoryAug 24, 2004 - 12:00 a.m.

Web-APP.Org WebAPP 0.8/0.9.x - Directory Traversal

2004-08-2400:00:00
Jerome Athias
www.exploit-db.com
18

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/11028/info

WebAPP is reported prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input data.

An attacker can exploit this vulnerability to retrieve arbitrary, potentially sensitive files from the hosting computer with the privileges of the webserver. gthe attacker could trivially retrieve DES-encrypted password hashes for all users of the application. This may aid the attacker in further attacks. 

http://www.example.com/cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00

Related

nessus 1
cvelist 1
cve 1
nvd 1
nessus
nessus
WebAPP Directory Traversal
2004-08-24 00:00:00
cvelist
cvelist
CVE-2004-1742
2005-02-26 05:00:00
cve
cve
CVE-2004-1742
2005-02-26 05:00:00
nvd
nvd
CVE-2004-1742
2004-08-24 04:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:24408
nessus1cvelist1cve1nvd1