ASP Folder Gallery download_script.asp file Variable Arbitrary File Access

2007-06-06T00:00:00
ID OSVDB:38372
Type osvdb
Reporter OSVDB
Modified 2007-06-06T00:00:00

Description

Manual Testing Notes

http://[target]/aspfoldergallery/download_script.asp?file=viewimage.asp

References:

Other Advisory URL: http://securityreason.com/securityalert/2793 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0073.html ISS X-Force ID: 34906 CVE-2007-3158 Bugtraq ID: 24345