Exploit Fool's Workshop Owl's Workshop 1.0 - 'glossary.php' Arbitrary File Access

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23723
Проверка EDB
  1. Пройдено
Автор
G00DB0Y
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2004-0302
Дата публикации
2004-02-18
Код:
source: https://www.securityfocus.com/bid/9689/info
 
Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter.
 
Upon successful exploitation of these issues, an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.

http://www.example.org/owls/workshop/glossary.php?editfile=../../../../../../../../../../../../../../../etc/passwd
 
Источник
www.exploit-db.com

Похожие темы