Armada Design Master Index 1.0 - Directory Traversal

Author: pestilence
type: remote
platform: cgi
port: 
date_added: 2000-07-18 
date_updated: 2012-08-06 
verified: 1 
codes: CVE-2000-0924;OSVDB-461 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/1772/info

Master Index is a commercially supported search engine. Certain versions of this software ship with a path traversal vulnerability. This is to say that a remote user may 'back out' (.../) of the web root directory and view/download any file which the user who is running Master Index has permission to read.

Example:

http://www.target.com/cgi-bin/search/search.cgi?keys=*&prc=any&catigory=../../../../../.. ../../etc