Heat-On HSWeb Web Server 2.0 - Full Path Disclosure

EDB-ID: 20609
Author: Joe Testa
Type: remote
Platform: CGI
Date: 2001-02-04


source: https://www.securityfocus.com/bid/2336/info

Requesting a specially crafted URL lets a remote attacker disclose the physical path to the web root and browse the entire directory listing.

http://target/cgi/