header-logo
Suggest Exploit
vendor:
N/A
by:
SecurityFocus
3.3
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Remote Installation Directory Discovery

Remote users can discover the installation directory of certain software on the underlying system by submitting an HTTP request to the WebAdmin server. This could allow an attacker to obtain sensitive information.

Mitigation:

Ensure that the WebAdmin server is configured to restrict access to sensitive information.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7439/info

Reportedly, remote users can discover the installation directory of certain software on the underlying system by submitting an HTTP request to the WebAdmin server. This could allow an attacker to obtain sensitive information.

http://www.example.com/WebAdmin.dll?session=X&Program=MDaemon&Directory:Name=C:\MDaemon\App&File:Name=MDAEMON.INI&View=EditFile

Navigation

Suggest Exploit

Services By CQR