- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 20208
- Проверка EDB
-
- Пройдено
- Автор
- PESTILENCE
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2000-0872
- Дата публикации
- 2000-09-07
Код:
source: https://www.securityfocus.com/bid/1650/info
The explorer.php script within phpPhotoAlbum 0.9.9 and possibly previous versions are vulnerable to directory traversal. By requesting a URL composed of explorer.php and the ../ string in the value of the "folder" variable it is possible for a remote user to and gain read access to any file or browse any directory for which the webserver has read access.
Example:
http://target/phpPhotoAlbum/explorer.php?folder=../../../../- Источник
- www.exploit-db.com