ASP-Nuke RC2 and previous versions allows remote malicious users to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
asp-nuke asp-nuke rc1 |
||
asp-nuke asp-nuke rc2 |