header-logo
Suggest Exploit
vendor:
Master Index
by:
SecurityFocus
7.5
CVSS
HIGH
Path Traversal
22
CWE
Product Name: Master Index
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2001

Master Index Path Traversal Vulnerability

Master Index is a commercially supported search engine. Certain versions of this software ship with a path traversal vulnerability, which allows a remote user to 'back out' of the web root directory and view/download any file which the user who is running Master Index has permission to read.

Mitigation:

Upgrade to the latest version of Master Index.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1772/info

Master Index is a commercially supported search engine. Certain versions of this software ship with a path traversal vulnerability. This is to say that a remote user may 'back out' (.../) of the web root directory and view/download any file which the user who is running Master Index has permission to read.

Example: 

http://www.target.com/cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../.. ../../etc