vendor:
by: AmnPardaz Security Research Team
CVSS: 7.5 (HIGH)
CWE: 22 (Directory traversal)
Product Name: 1
Affected Version From: -1
Affected Version To: 1
Patch Exists: 1
Related CWE: N/A
CPE:
Metasploit:
Other Scripts:
Platforms Tested: -1
Year: 2008
Product: Web Wiz Forums(TM)
Input passed to the FolderName parameter in "RTE_file_browser.asp" and "file_browser.asp" is not properly sanitised before being used. This can be exploited to list directories and to list .txt and .zip files through directory traversal attacks. In addition, "RTE_file_browser.asp" does not check the user's session, so an unauthenticated attacker can perform this attack.
Mitigation:
Add the following lines to "RTE_file_browser.asp" and "file_browser.asp":
strSubFolderName = Replace(strSubFolderName, "/", "\")
strSubFolderName = Replace(strSubFolderName, "..", "")
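As an added example, not code from the advisory or from Web Wiz Forums, this is how the Replace fix would sit inside a hardened handler: the session check the advisory says RTE_file_browser.asp lacks, the two Replace calls, and a resolved-path containment check (which the advisory itself does not include) so that a folder name which survives the Replace step still cannot escape the upload root. Session("blnValidUser") and strRootFolder are assumed names, not identifiers from the product.

```vbscript
<%
' Added example, not Web Wiz Forums' own code: the advisory's two Replace
' lines, wrapped in a session check and a resolved-path containment check.
' Assumptions (not in the advisory): the login sets Session("blnValidUser"),
' and browsable files live under strRootFolder, a virtual path such as
' "/forum/uploads" that the application configures elsewhere.

' RTE_file_browser.asp accepted requests without a session; reject those first.
If Session("blnValidUser") <> True Then
    Response.Status = "403 Forbidden"
    Response.End
End If

Dim strRootFolder, strSubFolderName, strRootPath, strTargetPath, objFSO
strRootFolder = "/forum/uploads"   ' assumed configuration value

' The advisory's fix: normalise slashes and strip parent-directory tokens.
strSubFolderName = Request.QueryString("FolderName")
strSubFolderName = Replace(strSubFolderName, "/", "\")
strSubFolderName = Replace(strSubFolderName, "..", "")

' Defence in depth: resolve the final path and confirm it is still inside
' the upload root. Only the trusted root goes through Server.MapPath; the
' user-controlled part is appended afterwards and resolved by the FSO.
Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
strRootPath = objFSO.GetAbsolutePathName(Server.MapPath(strRootFolder))
strTargetPath = objFSO.GetAbsolutePathName(strRootPath & "\" & strSubFolderName)

If LCase(strTargetPath) <> LCase(strRootPath) And _
   Left(LCase(strTargetPath), Len(strRootPath) + 1) <> LCase(strRootPath) & "\" Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' strTargetPath is now inside the root and safe to list (subfolders plus the
' .txt and .zip files the file browser is meant to expose).
If Not objFSO.FolderExists(strTargetPath) Then
    Response.Status = "404 Not Found"
    Response.End
End If
%>
```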