CVE-2008-0480

Web Wiz Forums < 9.07 - Path Traversal via RTE_file_browser.asp or file_browser.asp Sub Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0480. PoCs published by BugReport.IR.

AI-analyzed exploit summary This is a writeup describing a directory traversal vulnerability in Web Wiz Forums 9.07. The vulnerability allows unauthenticated attackers to list directories and files via the 'FolderName' parameter in 'RTE_file_browser.asp' and 'file_browser.asp'.

Description

Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.

Exploits (1)

exploitdb WRITEUP VERIFIED

by BugReport.IR · textwebappsasp

https://www.exploit-db.com/exploits/4970

View Code ZIP pw:eip

This is a writeup describing a directory traversal vulnerability in Web Wiz Forums 9.07. The vulnerability allows unauthenticated attackers to list directories and files via the 'FolderName' parameter in 'RTE_file_browser.asp' and 'file_browser.asp'.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Web Wiz Forums 9.07

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK