Vendor: XWeb
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: XWeb
Affected Version From: XWeb 1.0
Affected Version To: XWeb 1.0
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: a:xweb:xweb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002
XWeb Directory Traversal Vulnerability
XWeb is vulnerable to directory traversal attacks, allowing remote attackers to gain access to sensitive files outside of the server root. This can be done by appending "../" to the URL, such as http://www.example.com/../../../../etc/passwd.
Mitigation:
Ensure that all user-supplied input is properly sanitized and validated.
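
One way to apply this mitigation in a file-serving handler is to canonicalise the requested path and confirm it still lies under the document root before opening anything. This is an added example, not XWeb's code or its patch; the names `resolve_under_root` and `demo` are hypothetical, the sample URLs and directory layout are constructed, and a POSIX filesystem is assumed.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


def resolve_under_root(doc_root, url):
    """Return the canonical file path for url, or None if it leaves doc_root."""
    # Decode percent-escapes once, as a server does before touching the disk,
    # so an encoded "../" is seen by the containment check below.
    decoded = unquote(urlsplit(url).path)
    # NUL bytes and backslashes have no place in a served path and are
    # interpreted differently across platforms; refuse them outright.
    if "\x00" in decoded or "\\" in decoded:
        return None
    root = os.path.realpath(doc_root)
    # realpath collapses ".." and follows symlinks, so the comparison is made
    # on the file that would actually be opened, not on the request string.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # commonpath compares whole components, avoiding the string-prefix bug
    # where /srv/www-private would pass a startswith("/srv/www") test.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Check constructed sample requests against a throwaway document root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "www")
        private = os.path.join(tmp, "www-private")
        os.makedirs(root)
        os.makedirs(private)
        open(os.path.join(root, "index.html"), "w").close()
        # A symlink inside the root whose target is outside it.
        os.symlink(private, os.path.join(root, "link"))
        samples = [
            "http://www.example.com/index.html",
            "http://www.example.com/../../../../etc/passwd",  # URL from the advisory
            "http://www.example.com/%2e%2e/%2e%2e/etc/passwd",
            "http://www.example.com/../www-private/notes.txt",
            "http://www.example.com/link/notes.txt",
        ]
        return {u: resolve_under_root(root, u) is not None for u in samples}


if __name__ == "__main__":
    for url, served in demo().items():
        print("SERVE " if served else "REJECT", url)
```

Only the first sample resolves inside the document root; the rest are rejected because the check runs on the canonical path rather than on the raw request string.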