header-logo
Suggest Exploit
vendor:
TopSites
by:
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: TopSites
Affected Version From: TopSites 3
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Directory Traversal Vulnerability in TopSites

The TopSites application is vulnerable to a directory-traversal vulnerability. This vulnerability occurs due to the lack of proper sanitization of user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system, potentially in the context of the webserver process. The information obtained through this exploit may aid in further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to apply proper input validation and sanitization techniques to user-supplied input. Additionally, restricting access to sensitive files and directories can also help prevent exploitation.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23419/info

TopSites is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks.

This issue affects TopSites 3; other versions may also be vulnerable. 

http://www.example.com/Path/admin/index.php?page=template&modify=../../../../../../etc/passwd
http://www.example.com/Path/admin/index.php?page=template&modify=inc/config.ini.php

Navigation

Suggest Exploit

Services By CQR