Hosting Controller 7C - 'FolderManager.aspx' Directory Traversal

EDB-ID:

29357


Author:

KAPDA

Type:

webapps


Platform:

ASP

Date:

2006-12-27


source: https://www.securityfocus.com/bid/21786/info

Hosting Controller is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. 

An attacker can exploit this issue to modify or retrieve arbitrary files in the context of the webserver process. This may aid in further attacks.

This issue affects version 7C; earlier versions may also be vulnerable.

http://www.example.com/FolderManager/FolderManager.aspx?BrowseLevel=1&BrowsePath=[SITE NORMAL PATH]\..\..\..\..\program%20files