header-logo
Suggest Exploit
vendor:
Mailtraq
by:
SecurityFocus
3.3
CVSS
MEDIUM
Directory traversal and Path disclosure
22
CWE
Product Name: Mailtraq
Affected Version From: 1.1.2004
Affected Version To: 1.1.2004
Patch Exists: NO
Related CWE: N/A
CPE: a:fastraq:mailtraq
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Directory traversal and Path disclosure vulnerability in Fastraq Mailtraq 1.1.4

A remote user may browse any known directory on a host running Fastraq Mailtraq 1.1.4 by making a URL request that includes the '../' string. In addition, requesting a URL appended with '../' and an unusually long character string will return an error message disclosing the full path of the Mailtraq installation directory.

Mitigation:

Ensure that the web server is configured to deny access to any directory outside of the web root directory.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1278/info

A remote user may browse any known directory on a host running Fastraq Mailtraq 1.1.4 by making a URL request that includes the '../' string.

In addition, requesting a URL appended with "../" and an unusually long character string will return an error message disclosing the full path of the Mailtraq installation directory. 

Directory traversal vulnerability:
http: //target/../../knowndirectory/

Path disclosure vulnerability:
http:&nbsp;//target/../<very long character string>

Navigation

Suggest Exploit

Services By CQR