Hosting Controller 7C - 'FolderManager.aspx' Directory Traversal

EDB-ID:

29357

Author:

KAPDA

Type:

webapps

Platform:

ASP

Published:

2006-12-27

source: http://www.securityfocus.com/bid/21786/info

Hosting Controller is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. 

An attacker can exploit this issue to modify or retrieve arbitrary files in the context of the webserver process. This may aid in further attacks.

This issue affects version 7C; earlier versions may also be vulnerable.

http://www.example.com/FolderManager/FolderManager.aspx?BrowseLevel=1&BrowsePath=[SITE NORMAL PATH]\..\..\..\..\program%20files