source: http://www.securityfocus.com/bid/5029/info My Postcards is a commercial available eletronic postcard system. It is available for Unix and Linux Operating Systems. The magiccard.cgi script does not properly handle some types of input. As a result, it may be possible for a remote user to specify the location of a specific file on the system hosting the My Postcards software. Upon specifying the location of a file that is readable by the web server process, the user could disclose the contents of the specified file. http://www.example.com/cgi-bin/magiccard.cgi?pa=preview&next=custom&page=../../../../../../../../../../etc/passwd
Related Exploits
Trying to match CVEs (1): CVE-2002-1966Trying to match OSVDBs (1): 39356
Other Possible E-DB Search Terms: My Postcards 6.0, My Postcards
Date | D | V | Title | Author | No matches |
---|