VYPR
Unrated severity · NVD Advisory · Published May 24, 2005 · Updated Jun 16, 2026

CVE-2005-1716

Description

TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability mechanics

Root cause

"The `/data/` directory is placed under the web document root with no access controls, allowing remote attackers to directly download `.dat` files containing sensitive information."

Attack vector

An attacker can simply request `http://[victim]/data/` to list the directory, or directly download any `.dat` file stored there [ref_id=1]. These files contain all client IP addresses of users who voted or added comments, along with other sensitive information [ref_id=1]. No authentication or special privileges are required — the attacker only needs network access to the web server [ref_id=1].

Affected code

The application stores all data files (votes, comments, and other site information) in the `/data/` folder under the web document root [ref_id=1]. These files use the `.dat` extension and are accessible directly via HTTP without any access control [ref_id=1].

What the fix does

The advisory states that no solution was available at the time of disclosure [ref_id=1]. No patch is included in the bundle. To remediate, administrators would need to restrict access to the `/data/` directory — for example, via web server configuration (e.g., `.htaccess` deny rules) or by moving the data directory outside the web document root [ref_id=1].

Preconditions

  • network: The attacker must have network access to the web server hosting TOPo 2.2.178
  • auth: No authentication or special privileges are required

Reproduction

1. Identify a target running TOPo 2.2.178.
2. Navigate to `http://[victim]/data/` in a web browser.
3. Download any `.dat` file listed (e.g., vote or comment data files).
4. Open the downloaded file to view stored client IP addresses and other sensitive information [ref_id=1].

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4
