Walla TeleSite 3.0 - 'ts.cgi' File Existence Enumeration

EDB-ID:

26509




Platform:

CGI

Date:

2005-11-15


source: https://www.securityfocus.com/bid/15419/info
   
Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.
   
Walla TeleSite is prone to information and path disclosure, file enumeration, SQL injection, and cross-site scripting attacks within the context of the victim's Web browser and the affected computer.
   
Other attacks are also possible.
   
Walla Telesite version 3.0 is affected; earlier versions are also affected. 

http://www.example.com/ts.cgi?c:\boot.ini
http://www.example.com/ts.cgi?c:\boot1.ini