VB Marketing - tseekdir.cgi Local File Inclusion

2008-01-28T00:00:00
ID EXPLOITPACK:05817A049B6A7D13B55B5CF839238565
Type exploitpack
Reporter Sw33t h4cK3r
Modified 2008-01-28T00:00:00

Description

VB Marketing - tseekdir.cgi Local File Inclusion

                                        
                                            source: https://www.securityfocus.com/bid/27475/info

VB Marketing is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to include local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks. 

http://www.example.com/cgi-bin/tseekdir.cgi?location=/etc/passwd%00