Apache 1.3 + PHP 3 - File Disclosure

EDB-ID:

20466

CVE:

2001-0042

EDB Verified:

Author:

china nsl

Type:

remote

Exploit:   /  

Platform:

Multiple

Date:

2000-12-06

Vulnerable App: 
source: https://www.securityfocus.com/bid/2060/info

Apache Web Server is subject to disclose files to unauthorized users when used in conjunction with the PHP3 script language.

By requesting a specially crafted URL by way of php, it is possible for a remote user to gain read access to a known file that resides on the target host.

Successful exploitation of this vulnerability could lead to the disclosure of sensitive information and possibly assist in further attacks against the victim. 

http://target/index.php3.%5c../..%5cconf/httpd.conf
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services