PJ CGI Neo review is vulnerable to a directory traversal attack that allows a remote attacker to access any file outside of the webroot.
992dd31568c4fcc4ccd00ecd6c0ceb0917e4d9075666f57504e17c887cb3ecde
ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard review) Remote arbitrary file retrieving
Published: 29 january 2004
Released: 29 january 2004
Name: PJ CGI Neo review (NeoBoard review)
Affected Systems: Current version
Issue: Remote file retrieving
Author: Zone-h Security Labs
Vendor: http://www.livepj.com
Description
***********
Zone-h Security Team has discovered a flaw in PJ CGI Neo review (NeoBoard review). There is a vulnerability in the current version of NeoBoard that allows an attacker to retrieve arbitrary files from the webserver with its priviledges.
Details
*******
It's possibile for a remote attacker to retrieve any file from a webserver.
For example try this:
http://address/directory/PJreview_Neo.cgi?p=/../../../../../../../../../../../../../../../../etc/passwd
Solution:
*********
The vendor has not been contacted because his site is unreachable.
http://www.zone-h.org/advisories/read/id=3824
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed