CVE-2007-6268

Absolute News Manager.NET 5.1 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6268. PoCs published by Adrian Pastor.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in Absolute News Manager .NET, including directory traversal and information disclosure via path manipulation in the 'template' parameter. The PoC provides URLs to access sensitive files like web.config and other internal resources.

Description

Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Adrian Pastor · textwebappsasp

https://www.exploit-db.com/exploits/30841

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in Absolute News Manager .NET, including directory traversal and information disclosure via path manipulation in the 'template' parameter. The PoC provides URLs to access sensitive files like web.config and other internal resources.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Absolute News Manager .NET 5.1

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK