https://www.exploit-db.com/exploits/22015
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-689

W3Mail1.0.6版本的viewAttachment.cgi存在目录遍历漏洞。远程攻击者借助file参数的..(点点)读取任意文件。

source: http://www.securityfocus.com/bid/6170/info

Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to the open() function as the filename argument without being sanitized. Attackers may cause any file on the filesystem to open by specifying its relative path using directory traversal characters. 

viewAttachment.cgi?file=../../../../../etc/passwd

来源:BID
名称:6170
链接:http://www.securityfocus.com/bid/6170
来源:XF
名称:w3mail-argument-read-files(10612)
链接:http://www.iss.net/security_center/static/10612.php
来源:BUGTRAQ
名称:20021112FreshholeinW3Mail(fwd)
链接:http://archives.neohapsis.com/archives/bugtraq/2002-11/0150.html