CVE-2007-1773
Published 2007-03-30
Priority P423 · low · 2.6 (CVSS 2.0)
AV:N/AC:H/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.23% (86.7th percentile)
Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384.
No detection rules found.
Exploit-DB
aBitWhizzy - 'whizzylink.php?d' Traversal Arbitrary Directory Listing
exploitdb·2007-03-14
---
source: https://www.securityfocus.com/bid/23167/info
aBitWhizzy is prone to multiple cross-site scripting and directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
An attacker could exploit these vulnerabilities to view the directory structure on the affected webserver and perform cross-site scripting attacks on unsuspecting users in the context of the affected website. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://localhost/abitwhizzy/whizzylink.php?d= ../../../../../../../Documents%20and%20Settings
Exploit-DB
aBitWhizzy - 'whizzypic.php?d' Traversal Arbitrary Directory Listing
exploitdb·2007-03-14
---
source: https://www.securityfocus.com/bid/23167/info
aBitWhizzy is prone to multiple cross-site scripting and directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
An attacker could exploit these vulnerabilities to view the directory structure on the affected webserver and perform cross-site scripting attacks on unsuspecting users in the context of the affected website. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://localhost/abitwhizzy/whizzypic.php?d= ../../../../../../../Documents%20and%20Settings
No writeups or analysis indexed.
http://downloads.securityfocus.com/vulnerabilities/exploits/23167.html
http://lostmon.blogspot.com/2007/03/abitwhizzy-traversal-folder-enumeration.html
http://secunia.com/advisories/24679
http://www.osvdb.org/34505
http://www.osvdb.org/34506
http://www.securityfocus.com/bid/23167
http://www.vupen.com/english/advisories/2007/1136
https://exchange.xforce.ibmcloud.com/vulnerabilities/33277
2007-03-30: Published