pppBLOG randompic.php files[0] Variable Traversal Arbitrary File Access

2006-05-30T05:05:12
ID OSVDB:25924
Type osvdb
Reporter OSVDB
Modified 2006-05-30T05:05:12

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/[path]/randompic.php?files[0]=../config/admin.php
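
A defender-side check for the request pattern in the testing note above, as an added example that is not part of the original advisory: it scans web access-log lines for requests to randompic.php that supply a `files` parameter and separates plain overrides from values containing a parent-directory segment or an absolute path. The log lines are constructed, and the rule that legitimate requests to this script never carry a `files` parameter is an assumption.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample lines in Apache common-log style (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2006:05:05:12 +0000] "GET /blog/randompic.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [30/May/2006:05:06:01 +0000] "GET /blog/randompic.php?files[0]=../config/admin.php HTTP/1.1" 200 2048',
    '192.0.2.12 - - [30/May/2006:05:06:40 +0000] "GET /blog/randompic.php?files%5B0%5D=..%2Fconfig%2Fadmin.php HTTP/1.1" 200 2048',
    '192.0.2.13 - - [30/May/2006:05:07:02 +0000] "GET /blog/index.php?files[0]=a.jpg HTTP/1.1" 200 900',
    '192.0.2.14 - - [30/May/2006:05:07:30 +0000] "POST /blog/randompic.php?files[3]=pic.jpg HTTP/1.1" 200 700',
]
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: `files` is internal to the script, so any client-supplied copy is suspect.
FILES_KEY_RE = re.compile(r'^files(\[.*\])?$')

def decode(value, rounds=2):
    """Percent-decode up to `rounds` times to catch double-encoded input."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None, 'files-override' or 'files-traversal' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/randompic.php"):
        return None
    verdict = None
    for pair in url.query.split("&"):
        key, _, value = pair.partition("=")
        if not FILES_KEY_RE.match(decode(key)):
            continue
        value = decode(value).replace("\\", "/")
        if ".." in value.split("/") or value.startswith("/"):
            return "files-traversal"
        verdict = "files-override"
    return verdict

def scan(lines):
    """Return (line index, verdict) for every flagged line."""
    return [(i, v) for i, line in enumerate(lines) if (v := classify(line))]

if __name__ == "__main__":
    for index, verdict in scan(SAMPLE_LOG):
        print(verdict, SAMPLE_LOG[index])
```

With register_globals set to 'off', the condition stated in the technical description is not met; the scan remains useful for finding hosts that were probed while the option was on.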

References:

Vendor URL: http://joerg.jo.funpic.org/pppblog/static.php?page=welcome
Secunia Advisory ID: 20375
Other Advisory URL: http://retrogod.altervista.org/pppblog_038_xpl.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0682.html
FrSIRT Advisory: ADV-2006-2085
CVE-2006-2770
Bugtraq ID: 18189