Niagara Framework Directory Traversal Vulnerability


Niagara Framework is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.


The original article can be found at:
The information has been provided by Billy Rios and Terry McCorkle .


Vulnerable Systems:
 * Niagara Framework Directory Traversal Vulnerability

Remote attackers can use specially crafted requests with directory-traversal sequences (‘../’) to retrieve arbitrary files in the context of the application.
Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Vendor Status:
Currently we are not aware of any vendor-supplied patches

Disclosure Timeline:
Initial Release:Jul 16 2012

Categories: News