Reported August 17, 2000 by eEye Digital Security
- Netauth 4.2b and earlier versions
Netauth does not guard against the use of relative pathnames. By using the dot-dot-slash (../) syntax, directories can be navigated to expose file contents.
The following would expose the "passwd" file: http://[server]/cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../../etc/passwd
NetWin released a new version which corrects this vulnerability along with other bugs.
Discovered by eEye Digital Security
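One way to apply the guard against relative pathnames that the advisory says is missing, as an added example (not NetWin's code or its fix): resolve the `page` value against a fixed page directory and refuse anything that lands outside it. The function names, the temporary directory layout and the sample values other than the advisory's own are constructed for illustration; POSIX paths are assumed.

```python
import os
import tempfile

class TraversalError(ValueError):
    """The requested page resolves outside the page directory."""

def resolve_page(base_dir, page):
    """Return the real path for a `page` value, or raise TraversalError."""
    if "\x00" in page:
        raise TraversalError("NUL byte in page name")
    base = os.path.realpath(base_dir)
    # realpath collapses ../ segments and follows symlinks, so the check
    # below is made on the path the OS would actually open.
    candidate = os.path.realpath(os.path.join(base, page))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise TraversalError("page %r is outside %s" % (page, base))
    return candidate

def check(base_dir, page):
    """Return 'allowed' or 'rejected' for one request value."""
    try:
        resolve_page(base_dir, page)
        return "allowed"
    except TraversalError:
        return "rejected"

def demo():
    """Run constructed page values against a throwaway page directory."""
    values = [
        "help.html",
        "sub/../help.html",                       # stays inside once normalised
        "../../../../../../../../../etc/passwd",  # value from the advisory
        "/etc/passwd",                            # absolute path replaces the base
        "up/secret.txt",                          # escapes through a symlink
        "",                                       # the directory itself, not a page
    ]
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        open(os.path.join(pages, "help.html"), "w").close()
        # Constructed symlink inside the page directory pointing out of it.
        os.symlink(root, os.path.join(pages, "up"))
        return {v: check(pages, v) for v in values}

if __name__ == "__main__":
    for value, verdict in demo().items():
        print("%-45r %s" % (value, verdict))
```

Comparing resolved paths rather than searching the raw string for `../` is what lets the same check cover the absolute-path and symlink cases.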