TIPS MailPost 5.1.1 - Remote File Enumeration

Author: Gemma Hughes
type: webapps
platform: cgi
port: 
date_added: 2004-11-03  
date_updated: 2013-03-11  
verified: 1  
codes: CVE-2004-1102;OSVDB-11410  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 24723.txt  
source: https://www.securityfocus.com/bid/11599/info

TIPS MailPost is affected by a remote file enumeration vulnerability. This issue is due to a failure to properly sanitize user requests.

An attacker may leverage this issue to gain knowledge of the existence of files outside the Web root directory. Information disclosed in this way may facilitate further attacks.

http://www.example.com/scripts/mailpost.exe/..%255c..%255c..%255cwinnt/system.ini?*nosend*=&email=test@procheckup.com
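
For log review: the request above hides its `..\` segments behind two layers of percent-encoding (`%255c` decodes to `%5c`, then to `\`), so a filter that decodes only once never sees them. The following Python is an added example, not part of the original advisory or of TIPS MailPost; it reports how many decode passes a request path needs before a `..` segment appears. The function names, the pass limit and the access-log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_PASSES = 5  # assumption: upper bound on nested percent-encoding layers to unwrap
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (line 2 carries the request path shown in the advisory).
SAMPLE_LOG = r'''192.0.2.10 - - [03/Nov/2004:10:00:01 +0000] "GET /scripts/mailpost.exe?email=a@example.com HTTP/1.0" 200 512
192.0.2.11 - - [03/Nov/2004:10:00:02 +0000] "GET /scripts/mailpost.exe/..%255c..%255c..%255cwinnt/system.ini?*nosend*=&email=test@procheckup.com HTTP/1.0" 200 733
192.0.2.12 - - [03/Nov/2004:10:00:03 +0000] "GET /docs/../index.html HTTP/1.0" 200 120
192.0.2.13 - - [03/Nov/2004:10:00:04 +0000] "GET /files/report%2520v1..final.txt HTTP/1.0" 200 90'''

def has_dotdot(text):
    """True if any path segment, split on / or \\, is exactly '..'."""
    return ".." in re.split(r"[\\/]+", text)

def traversal_depth(request_target):
    """Decode passes needed before a '..' segment appears in the path; None if it never does."""
    path = request_target.split("?", 1)[0]  # only the path part is inspected
    for passes in range(MAX_PASSES + 1):
        if has_dotdot(path):
            return passes
        decoded = unquote(path)
        if decoded == path:  # fixed point reached, nothing left to unwrap
            return None
        path = decoded
    return None

def scan(log_text):
    """Return [(line_number, passes)] for each logged request containing a '..' segment."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST.search(line)
        if m:
            depth = traversal_depth(m.group(1))
            if depth is not None:
                hits.append((n, depth))
    return hits

if __name__ == "__main__":
    for line_no, passes in scan(SAMPLE_LOG):
        print(f"line {line_no}: '..' segment visible after {passes} decode pass(es)")
```

A depth of 2 or more is the signal specific to this issue: the traversal is invisible to any check that decodes the path a single time.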