CVE-2001-0253
iWeb Hyperseek 2000 - Directory Traversal via show Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2001-0253. PoCs published by MC GaN.
AI-analyzed exploit summary This exploit leverages a directory traversal vulnerability in the `hsx.cgi` script by using `../` sequences and a null byte (`%00`) to bypass path sanitization and read arbitrary files, such as `/etc/passwd`. The attack is delivered via a crafted URL.
Description
Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter.
Exploits (1)
This exploit leverages a directory traversal vulnerability in the `hsx.cgi` script by using `../` sequences and a null byte (`%00`) to bypass path sanitization and read arbitrary files, such as `/etc/passwd`. The attack is delivered via a crafted URL.