ContentNow upload.php Absolute Path Arbitrary File Manipulation

2006-11-13T09:03:59
ID OSVDB:30324
Type osvdb
Reporter OSVDB
Modified 2006-11-13T09:03:59

Description

Manual Testing Notes

http://[target]/cn/upload.php?path=/&cid=&type=file&single=false&folder=&lang=en

http://[target]/contentnow_130/cn/upload.php?path=/&cid=&type=file&folder=&lang=en&delfile=q.php&single=false

References:

Vendor URL: http://www.contentnow.mf4k.de/ Secunia Advisory ID:22805 Related OSVDB ID: 30321 Related OSVDB ID: 30325 Generic Exploit URL: http://www.milw0rm.com/exploits/2776