VULHUB ™

It is possible to view the contents of any known file residing on a system running CGI Script Center Auction Weaver. For example: http://target/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=\..\..\&fromfile=file.ext will allow a remote user, regardless of privilege level to read the file specified.

It is possible to view the contents of any known file residing on a system running CGI Script Center Auction Weaver. For example: http://target/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=\..\..\&fromfile=file.ext will allow a remote user, regardless of privilege level to read the file specified.