SGI IRIX 6.2 - cgi-bin wrap

Author: J.A. Gutierrez
type: remote
platform: multiple
port: 
date_added: 1997-04-19  
date_updated: 2014-01-02  
verified: 1  
codes: CVE-1999-0149;OSVDB-247  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 19298.txt  
source: https://www.securityfocus.com/bid/373/info


A vulnerability exists in the cgi-bin program 'wrap', as included with Irix 6.2 from SGI. A failure to validate input results in a vulnerability that allows any remote attacker to view the contents of any world readable directory remotely. This can be used to gain information that may be helpful in carrying out other attacks.

http://sgi.victim/cgi-bin/wrap?/../../../../../etc