Chili!Soft ASP contains sample scripts which are vulnerable to a directory traversal attack. By including '/../' sequences in requests submitted to the vulnerable scripts, a remote attacker can force the script to read and display the contents of files outside the normal directory tree. This can permit the attacker to read files from the /opt/casp directory, including those that contain sensitive information such as database usernames/passwords, server logs, and the admin interface username/password.
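The following is an added example, not part of the original advisory or of Chili!Soft's code: a log review helper that flags requests whose query values, once decoded and appended to a sample directory, resolve outside that directory. The directory name, script name, parameter name and log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumed location of the sample scripts' files; a placeholder path, since the
# advisory names only /opt/casp and not the sample directory itself.
SAMPLE_ROOT = "/opt/casp/samples-placeholder"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so encoded and double-encoded dots are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def escapes_root(param_value, root=SAMPLE_ROOT):
    """True if root + value normalises to a path outside root."""
    candidate = posixpath.normpath(root + "/" + fully_decode(param_value))
    return not (candidate == root or candidate.startswith(root + "/"))

def find_traversal_requests(log_lines):
    """Return (line_no, request_target) for requests with an escaping value."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        values = [pair.partition("=")[2] for pair in query.split("&") if pair]
        if any(escapes_root(v) for v in values):
            hits.append((line_no, m.group(1)))
    return hits

# Constructed access-log lines (documentation IP range, placeholder names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /sample-placeholder.asp?file=readme.txt HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2001:10:00:05 +0000] "GET /sample-placeholder.asp?file=/../../placeholder.conf HTTP/1.0" 200 900',
    '192.0.2.11 - - [01/Jan/2001:10:00:09 +0000] "GET /sample-placeholder.asp?file=%2e%2e%2f%2e%2e%2fplaceholder.log HTTP/1.0" 200 4096',
    '192.0.2.11 - - [01/Jan/2001:10:00:12 +0000] "GET /sample-placeholder.asp?file=%252e%252e%252fplaceholder.log HTTP/1.0" 200 4096',
    '192.0.2.12 - - [01/Jan/2001:10:01:00 +0000] "GET /sample-placeholder.asp?file=docs/../readme.txt HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for line_no, target in find_traversal_requests(SAMPLE_LOG):
        print(f"line {line_no}: {target}")
```

Because the check is on the resolved path rather than on the literal string '/../', the last sample line, which stays inside the sample directory, is not flagged.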