https://www.exploit-db.com/exploits/23987
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1208

SurgeLDAP是一款高级易管理的高性能的LDAPv3服务器。SurgeLDAP包含的管理服务器脚本对用户提交的请求缺少充分过滤，远程攻击者可以利用这个漏洞以WEB权限查看系统任意文件内容。漏洞存在于user.cgi脚本中，由于对’page’参数缺少充分过滤，提交包含多个”../”字符作为参数数据，可绕过WEBROOT限制，以WEB权限查看系统任意文件内容。

source: http://www.securityfocus.com/bid/10103/info

SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. 

A remote attacker could exploit this issue to gain access to system files outside of the web root directory of the built-in web server. Files that are readable by the web server could be disclosed via this issue.

http://www.example.com:6680/user.cgi?cmd=show&page=/../../../boot.ini

来源:XF
名称:surgeldap-dotdot-directory-traversal(15851)
链接:http://xforce.iss.net/xforce/xfdb/15851
来源:BID
名称:10103
链接:http://www.securityfocus.com/bid/10103
来源:SECUNIA
名称:11343
链接:http://secunia.com/advisories/11343
来源:members.lycos.co.uk
链接:http://members.lycos.co.uk/r34ct/main/SurgeLDAP%201.0g.txt
来源：NSFOCUS
名称：6325
链接：http://www.nsfocus.net/vulndb/6325