header-logo
Suggest Exploit
vendor:
Shoutbox
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Shoutbox
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Shoutbox Directory Traversal

Shoutbox is vulnerable to directory traversal attacks due to insufficient sanitization of user-supplied values to URI parameters. An attacker can exploit this vulnerability by manipulating the value of the affected 'conf' URI parameter to obtain any files readable by the web server.

Mitigation:

Sanitize user-supplied values to URI parameters.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7737/info

Shoutbox is prone to directory traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to URI parameters.

An attacker can exploit this vulnerability by manipulating the value of the affected 'conf' URI parameter to obtain any files readable by the web server.

http://blablabla.com/shoutbox.php?conf=../../../../../../../etc/passwd

Navigation

Suggest Exploit

Services By CQR