ID EDB-ID:29357 Type exploitdb Reporter KAPDA Modified 2006-12-27T00:00:00
Description
Hosting Controller 7C FolderManager.ASPX Directory Traversal Vulnerability. CVE-2006-6814. Webapps exploit for asp platform
source: http://www.securityfocus.com/bid/21786/info
Hosting Controller is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this issue to modify or retrieve arbitrary files in the context of the webserver process. This may aid in further attacks.
This issue affects version 7C; earlier versions may also be vulnerable.
http://www.example.com/FolderManager/FolderManager.aspx?BrowseLevel=1&BrowsePath=[SITE NORMAL PATH]\..\..\..\..\program%20files
{"hash": "370121230bee035828be79516b6eb38056a2b507287198fcb03bf7fc4f70d3f4", "id": "EDB-ID:29357", "lastseen": "2016-02-03T10:07:30", "enchantments": {"vulnersScore": 5.0}, "bulletinFamily": "exploit", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/29357/", "description": "Hosting Controller 7C FolderManager.ASPX Directory Traversal Vulnerability. CVE-2006-6814. Webapps exploit for asp platform", "title": "Hosting Controller 7C FolderManager.ASPX Directory Traversal Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/21786/info\r\n\r\nHosting Controller is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. \r\n\r\nAn attacker can exploit this issue to modify or retrieve arbitrary files in the context of the webserver process. This may aid in further attacks.\r\n\r\nThis issue affects version 7C; earlier versions may also be vulnerable.\r\n\r\nhttp://www.example.com/FolderManager/FolderManager.aspx?BrowseLevel=1&BrowsePath=[SITE NORMAL PATH]\\..\\..\\..\\..\\program%20files", "objectVersion": "1.0", "cvelist": ["CVE-2006-6814"], "published": "2006-12-27T00:00:00", "osvdbidlist": ["32550"], "references": [], "reporter": "KAPDA", "modified": "2006-12-27T00:00:00", "href": "https://www.exploit-db.com/exploits/29357/"}
{"result": {"cve": [{"id": "CVE-2006-6814", "type": "cve", "title": "CVE-2006-6814", "description": "Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\\ (dot dot backslash) sequences in the BrowsePath parameter.", "published": "2006-12-29T06:28:00", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6814", "cvelist": ["CVE-2006-6814"], "lastseen": "2016-09-03T08:05:33"}], "osvdb": [{"id": "OSVDB:32550", "type": "osvdb", "title": "Hosting Controller FolderManager/FolderManager.aspx BrowsePath Variable Traversal Arbitrary File Access", "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1017447\n[Secunia Advisory ID:23585](https://secuniaresearch.flexerasoftware.com/advisories/23585/)\nOther Advisory URL: http://www.kapda.ir/advisory-458.html\nFrSIRT Advisory: ADV-2007-0023\n[CVE-2006-6814](https://vulners.com/cve/CVE-2006-6814)\nBugtraq ID: 21786\n", "published": "2006-12-26T04:33:57", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:32550", "cvelist": ["CVE-2006-6814"], "lastseen": "2017-04-28T13:20:28"}]}}
