Webfroot Shoutbox 2.32 - 'URI' File Disclosure
| EKU-ID: 28147 | CVE: OSVDB-15391 | OSVDB-ID: |
| Author: pokleyzz | Published: 2003-05-29 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28147 | CVE: OSVDB-15391 | OSVDB-ID: |
| Author: pokleyzz | Published: 2003-05-29 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7737/info Shoutbox is prone to directory traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to URI parameters. An attacker can exploit this vulnerability by manipulating the value of the affected 'conf' URI parameter to obtain any files readable by the web server. http://blablabla.com/shoutbox.php?conf=../../../../../../../etc/passwd