header-logo
Suggest Exploit
vendor:
Kebi Academy 2001
by:
SecurityFocus
7.5
CVSS
HIGH
Arbitrary File Retrieval and Upload
434
CWE
Product Name: Kebi Academy 2001
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Kebi Academy 2001 Arbitrary File Retrieval and Upload Vulnerability

Kebi Academy 2001 does not sufficiently validate input supplied via URI parameters. As a result it has been reported that it is possible to retrieve arbitrary files which are readable by the web server. It has also been reported that it is possible to upload malicious files to the server. This could result in disclosure of sensitive information or execution of arbitrary commands in the context of the web server.

Mitigation:

Input validation should be performed to ensure that only expected parameters are accepted and that they are valid.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7125/info

Kebi Academy 2001 does not sufficiently validate input supplied via URI parameters. As a result it has been reported that it is possible to retrieve arbitrary files which are readable by the web server. It has also been reported that it is possible to upload malicious files to the server. This could result in disclosure of sensitive information or execution of arbitrary commands in the context of the web server.

http://www.example.com/k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor

Navigation

Suggest Exploit

Services By CQR