Vendor: Web Wiz
Product Name: Web Wiz NewsPad(TM)
Affected Version From: N/A
Affected Version To: N/A
Vulnerability Type: Directory traversal
CWE: CWE-22
Related CWE:
CVSS: N/A
CPE:
Patch Exists: Yes
Metasploit:
Other Scripts:
Platforms Tested: N/A
Year: 2008
By: AmnPardaz Security Research & Penetration Testing Group
Description:
Input passed to the FolderName parameter of "RTE_file_browser.asp" is not properly sanitised before being used to build a file-system path. This can be exploited to list directories, and the .txt and .zip files they contain, outside the intended folder by means of directory traversal. In addition, "RTE_file_browser.asp" does not check the user's session, so an unauthenticated attacker can perform the attack.

PoC:
http://[WebWiz NewsPad]/RTE_file_browser.asp?look=&sub=.....\.....\.....\
Mitigation:
Add the following lines to the code of "RTE_file_browser.asp", before strSubFolderName is used to build a path:

    strSubFolderName = Replace(strSubFolderName, "/", "\")
    strSubFolderName = Replace(strSubFolderName, "..\", "")

Note that this is a blacklist filter: Replace makes a single pass, so a nested pattern that collapses to "..\" after one pass still gets through. A more robust fix restricts sub-folder names to an allowlist of plain characters, resolves the resulting path, and verifies it still lies under the intended base directory. The script should also verify the user's session, since the issue is reachable without authentication.
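The following is an added example, not code from the advisory or from Web Wiz NewsPad. It models the two Replace() lines above in Python (str.replace, like VBScript's Replace, makes one left-to-right, non-overlapping pass), shows a constructed input that survives that filter as "..\", and contrasts it with an allowlist-plus-canonicalisation check. The base directory, folder names and the bypass string are all assumptions made for the example; ntpath is used so the Windows path semantics hold on any host. ntpath.normpath only treats "." and ".." as special, so the advisory's five-dot components are not modelled as traversal here; the allowlist rejects them regardless.

```python
import ntpath
import re

# Constructed for this example: the directory RTE_file_browser.asp is assumed
# to browse beneath. The advisory does not state the real location.
BASE_DIR = r"C:\inetpub\wwwroot\newspad\uploads"

# Allowlist for one folder component: plain names only, so ".", "..", "....."
# and both separators are rejected before any path is built.
FOLDER_COMPONENT = re.compile(r"^[A-Za-z0-9_-]+$")


def advisory_filter(sub_folder: str) -> str:
    """Python equivalent of the advisory's two VBScript Replace() lines."""
    sub_folder = sub_folder.replace("/", "\\")
    return sub_folder.replace("..\\", "")


def resolve_with_filter(sub_folder: str) -> str:
    """Path the patched script would open: base joined with the filtered input."""
    return ntpath.normpath(ntpath.join(BASE_DIR, advisory_filter(sub_folder)))


def escapes_base(resolved: str) -> bool:
    """True when the canonical path is neither BASE_DIR nor inside it.
    Comparison is case-insensitive, as NTFS paths are."""
    base = ntpath.normpath(BASE_DIR).casefold()
    target = resolved.casefold()
    return not (target == base or target.startswith(base + "\\"))


def resolve_hardened(sub_folder: str):
    """Allowlist every component, then canonicalise and confirm the result is
    still under BASE_DIR. Returns the path, or None when the request is rejected.
    An empty sub-folder means the base directory itself."""
    components = [c for c in re.split(r"[\\/]", sub_folder) if c != ""]
    if not components:
        return ntpath.normpath(BASE_DIR)
    if any(not FOLDER_COMPONENT.match(c) for c in components):
        return None
    resolved = ntpath.normpath(ntpath.join(BASE_DIR, *components))
    if escapes_base(resolved):
        return None
    return resolved


if __name__ == "__main__":
    # Constructed inputs: the advisory's PoC segment, a legitimate folder,
    # a plain "..\" attempt and a nested pattern that the single-pass
    # Replace() collapses into "..\".
    samples = [".....\\.....\\.....\\", "photos/2008/", "..\\..\\config", "...\\.\\"]
    for s in samples:
        filtered = resolve_with_filter(s)
        print(f"{s!r:28} Replace() filter -> {filtered}"
              f" (escapes base: {escapes_base(filtered)})")
        print(f"{'':28} hardened check   -> {resolve_hardened(s)}")
```

Running the block shows that "..\..\config" is neutralised by the Replace() filter but "...\.\" is reduced to "..\" and resolves to the parent of the base directory, while the hardened check rejects every sample except the plain folder name.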