CVE-2001-0215

ROADS - Unauthenticated Arbitrary File Read via search.pl form Parameter Null Byte Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0215. PoCs published by cuctema.

AI-analyzed exploit summary This exploit leverages a directory traversal vulnerability in Martin Hamilton ROADS by using null byte (%00) sequences in a URL to read arbitrary files outside the root directory. The PoC demonstrates how a crafted request to search.pl can disclose file contents.

Description

ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cuctema · textremotecgi

https://www.exploit-db.com/exploits/20630

View Code ZIP pw:eip

This exploit leverages a directory traversal vulnerability in Martin Hamilton ROADS by using null byte (%00) sequences in a URL to read arbitrary files outside the root directory. The PoC demonstrates how a crafted request to search.pl can disclose file contents.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Martin Hamilton ROADS

No auth needed

Prerequisites: Access to the ROADS web interface

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources x_refsource_confirm

http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2371

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/6097

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2001-02/0213.html

Scores

EPSS 0.0748

EPSS Percentile 93.7%

Details

Status published

Products (1)

martin_hamilton/roads 2.3

Published Jun 02, 2001

Tracked Since Feb 18, 2026