[] NeoSense
E X P L O I T S
title author type platform port cve id

Web-APP.Org WebAPP 0.8/0.9.x - Directory Traversal

Author: Jerome Athias
type: webapps
platform: cgi
port: 
date_added: 2004-08-24 
date_updated: 2013-01-27 
verified: 1 
codes: CVE-2004-1742;OSVDB-9164 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/11028/info

WebAPP is reported prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input data.

An attacker can exploit this vulnerability to retrieve arbitrary, potentially sensitive files from the hosting computer with the privileges of the webserver. gthe attacker could trivially retrieve DES-encrypted password hashes for all users of the application. This may aid the attacker in further attacks.

http://www.example.com/cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.