header-logo
Suggest Exploit
vendor:
Roundup
by:
5
CVSS
MEDIUM
Remote File Disclosure
22
CWE
Product Name: Roundup
Affected Version From: 2000.6.11
Affected Version To: 2000.6.11
Patch Exists: YES
Related CWE:
CPE: a:roundup:roundup:0.6.11
Metasploit:
Other Scripts:
Platforms Tested:

Roundup Remote File Disclosure Vulnerability

The vulnerability allows a remote user to disclose files on a vulnerable computer by using the /home/@@file/ prefix and '../' directory traversal sequences.

Mitigation:

Upgrade to Roundup version 0.6.12 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10495/info

Roundup is prone to a remote file disclosure vulnerability. A remote user can disclose files on a vulnerable computer by using the /home/@@file/ prefix and '../' directory traversal sequences.

This vulnerability affects Roundup 0.6.11 and prior versions. 

GET /cit/@@file/../../../../etc/passwd HTTP/1.0