Ziggurrat Farsi CMS 'bck' Parameter Directory Traversal Vulnerability

2010-04-15T00:00:00
ID EDB-ID:33840
Type exploitdb
Reporter Pouya Daneshmand
Modified 2010-04-15T00:00:00

Description

Ziggurrat Farsi CMS 'bck' Parameter Directory Traversal Vulnerability. Webapps exploit for asp platform

                                        
                                            source: http://www.securityfocus.com/bid/39534/info

Ziggurat Farsi CMS is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary files within the context of the application. Information harvested may aid in launching further attacks. 

http://www.example.com/manager/backup.asp?bck=./../file.asp