PHP Upload Arbitrary File Disclosure Vulnerability

On any PHP script that allows file uploading, find the name assigned to the variable that contains the path and name of the temporary file that will be created in the upload process. Then POST to the PHP script referenced by the form action variable, setting the tempfile variable to the path and name of the file you wish to view.

An exploit including sample files was posted to Bugtraq by "Signal 11" <signal11@mediaone.net> and is linked to in the credit section.


 

Privacy Statement
Copyright 2010, SecurityFocus