Vendor: WebXQ Server
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: WebXQ Server
Affected Version From: DataWizard WebXQ server
Affected Version To: DataWizard WebXQ server
Patch Exists: YES
Related CWE: CVE-2001-0206
CPE: o:datawizard:webxq_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2001

DataWizard WebXQ Server Directory Traversal

DataWizard WebXQ server is vulnerable to a directory traversal attack, which allows a remote user to obtain read access to directories and files outside the web root. This can be done by including '/../' sequences along with a known file or directory in requested URLs.

Mitigation:

Ensure that the web server is configured to deny requests containing '/../' sequences.
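
One way to apply this mitigation in a request handler, as an added example (not code from WebXQ or from the original advisory): decode the request path, deny any '..' segment, then confirm the normalised result still sits under the web root. The web root `/srv/www`, the function name `resolve_request_path` and the sample requests are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # assumed document root for this example


def resolve_request_path(url_path, web_root=WEB_ROOT):
    """Map a request path to a path under web_root, or return None to deny."""
    # Drop the query string and fragment; only the path maps to a file.
    path_only = url_path.split("?", 1)[0].split("#", 1)[0]
    # Decode percent-escapes first so the checks below see what the
    # filesystem layer would see.
    decoded = unquote(path_only)
    # NUL bytes and backslashes have no place in a served path; deny them.
    if "\x00" in decoded or "\\" in decoded:
        return None
    # Deny on a '..' *segment*, not a substring, so a legitimate name such
    # as 'file..name.txt' is still served.
    if ".." in decoded.split("/"):
        return None
    # Defence in depth: normalise and require the result to stay in the root.
    # This check is lexical only; a real server should also resolve symlinks
    # (os.path.realpath) before opening the file.
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests, not taken from the advisory.
    for request in ("/index.html", "/docs/../../secret.txt", "/file..name.txt"):
        print(request, "->", resolve_request_path(request))
```
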
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2660/info

DataWizard WebXQ server could be led to traverse directories and possibly reveal files outside of the web root.

By including '/../' sequences along with a known file or directory in requested URLs, a remote user can obtain read access to the requested directories and files outside the web root, potentially compromising the privacy of user data and/or obtaining information which could be used to further compromise the host. 

http://www.example.com/./.../[target file]