Escapade 0.2.1 Beta Scripting Engine - 'PAGE' Full Path Disclosure

Author: Bahaa Naamneh
type: webapps
platform: cgi
port: 
date_added: 2003-09-09 
date_updated: 2012-12-03 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/8574/info

Escapade is prone to a path disclosure vulnerability. It is possible to gain access to sensitive path information by issuing a request for an invalid resource, passed as a value for the PAGE parameter to the Escapade Scripting Engine.

http://www.site.com/cgi-bin/esp?PAGE=!@#$%