Vendor: WebAPP
By: Unknown
CVSS: 7.5 (HIGH)
Type: Directory Traversal
CWE: 22
Product Name: WebAPP
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Not applicable
CPE: a:webapp:webapp
Metasploit:
Other Scripts:
Platforms Tested: Unknown

WebAPP Directory Traversal Vulnerability

WebAPP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input data. An attacker can exploit this vulnerability to retrieve arbitrary, potentially sensitive files from the hosting computer with the privileges of the webserver. In this case, the attacker could retrieve DES-encrypted password hashes for all users of the application, aiding them in further attacks.

Mitigation:

The vendor should sanitize user-supplied input data to prevent directory traversal attacks. It is recommended to apply the latest patches and updates for WebAPP to mitigate this vulnerability.
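
One way to apply the input sanitization recommended above to a parameter such as `viewcat`, shown as an added example that is not WebAPP's own code: allowlist the decoded value, reject NUL bytes, and confirm the resolved path stays inside one directory. The directory `CATEGORY_DIR`, the `.cat` suffix and the function names are assumptions made for illustration.

```python
import os
import re
from urllib.parse import unquote

# Assumptions (not from WebAPP): category files sit in one directory and use
# a conservative name alphabet; the path and suffix below are hypothetical.
CATEGORY_DIR = "/var/www/webapp/db/categories"
CATEGORY_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


class RejectedInput(ValueError):
    """The parameter must not be used to build a filesystem path."""


def resolve_category(raw_value, base_dir=CATEGORY_DIR, suffix=".cat"):
    """Map a percent-encoded viewcat value to a file inside base_dir."""
    value = unquote(raw_value)  # judge the decoded form, not the wire form
    if "\x00" in value:
        # A NUL byte has no place in a file name; refuse it explicitly.
        raise RejectedInput("NUL byte in parameter")
    if not CATEGORY_NAME.fullmatch(value):
        # Allowlist: no dots, slashes, backslashes or leftover '%' survive.
        raise RejectedInput("parameter is not a plain category name")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, value + suffix))
    # Defence in depth: symlinks are resolved, so a link that points
    # outside base_dir is caught here even though its name is valid.
    if os.path.commonpath([base, candidate]) != base:
        raise RejectedInput("resolved path escapes the category directory")
    return candidate


def rejection_reason(raw_value, base_dir=CATEGORY_DIR):
    """Return None if the value is accepted, else the reason it was refused."""
    try:
        resolve_category(raw_value, base_dir)
        return None
    except RejectedInput as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed inputs; the second is the value from the request on this page.
    for sample in ("general", "../../db/members/admin.dat%00", "..%2f..%2fdb"):
        print(repr(sample), "->", rejection_reason(sample) or "accepted")
```
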
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11028/info

WebAPP is reported prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input data.

An attacker can exploit this vulnerability to retrieve arbitrary, potentially sensitive files from the hosting computer with the privileges of the webserver. The attacker could trivially retrieve DES-encrypted password hashes for all users of the application. This may aid the attacker in further attacks.

http://www.example.com/cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00