header-logo
Suggest Exploit
vendor:
W-Agora
by:
SecurityFocus
7.5
CVSS
HIGH
File Disclosure
22
CWE
Product Name: W-Agora
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

File Disclosure Vulnerability in W-Agora

W-Agora is vulnerable to a file disclosure vulnerability due to inadequate sanitization of user-supplied input. An attacker can construct a URL consisting of dot-dot-slash (../) character sequences to obtain access to files outside of the document root.

Mitigation:

Ensure that user-supplied input is properly sanitized and that access to sensitive files is restricted.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6595/info

A file disclosure vulnerability has been reported for W-Agora. It has been reported that W-Agora does not adequately sanitize some user-supplied input.

An attacker can construct a URL consisting of dot-dot-slash (../) character sequences to obtain access to files outside of the document root. It should be noted that only files accessible by the web server will be disclosed to the attacker. 

http://target/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00

Navigation

Suggest Exploit

Services By CQR