Ultimate HelpDesk getfile.asp filename Variable Traversal Arbitrary File Access

2006-12-01T11:03:46
ID OSVDB:31730
Type osvdb
Reporter OSVDB
Modified 2006-12-01T11:03:46

Description

Manual Testing Notes

/getfile.asp?filename=../../../boot.ini

References:

Secunia Advisory ID:23225 Related OSVDB ID: 31729 ISS X-Force ID: 30722 Generic Exploit URL: http://milw0rm.com/exploits/2881 FrSIRT Advisory: ADV-2006-4819 CVE-2006-6381