Rit Research Labs TinyWeb 1.9.2 - Unauthorized Script Disclosure

EDB-ID:

24164

CVE:

2004-2636

EDB Verified:

Author:

Ziv Kamir

Type:

webapps

Exploit:   /  

Platform:

CGI

Date:

2004-06-01

Vulnerable App: 
source: https://www.securityfocus.com/bid/10445/info

TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web server rules.

This issue will allow an attacker to download or view scripts residing in the 'cgi-bin' directory.

This issue is reported to affect TinyWeb 1.92, it is likely that other versions are also vulnerable. 

http://www.example.com/./cgi-bin/targetfile
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services