Barnraiser Prairie Directory Traversal

2013-06-25T00:00:00
ID PACKETSTORM:122148
Type packetstorm
Reporter prairie
Modified 2013-06-25T00:00:00

Description

                                        
                                            `The OpenID idp software "Barnraiser Prairie"   
http://www.barnraiser.org/prairie/ is vulnerable to directory traversal attacks:  
  
./get_file.php does not limit the given path and allows directory traversal attacks with full public access to all images on the server.  
  
  
Example exploit:  
get_file.php?avatar=..&width=../../../../../../../../usr/share/apache2/icons/apache_pb.png  
`