Well I can't realize about wich version you're talking ! maybe you're
talking about 1.0 ?
On 22 Mar 2005 16:32:05 -0000, Megasky <magasky (at) hotmail (dot) com [email concealed]> wrote:
>
>
> there is allready a post on this that have
> file_manager.php?action=download&filename=../../../../../../etc/passwd
So first admin should be password protected, so you'll never access to
those files.
Second safe mode won't let you download any file even if you'r loggued as admin.
> sometime the action=download doesn't work , so i tried action=read
> /admin/file_manager.php?action=read&filename=../../../../
>
>
This will read the catalog folder, what is vurnerable ?
talking about 1.0 ?
On 22 Mar 2005 16:32:05 -0000, Megasky <magasky (at) hotmail (dot) com [email concealed]> wrote:
>
>
> there is allready a post on this that have
> file_manager.php?action=download&filename=../../../../../../etc/passwd
So first admin should be password protected, so you'll never access to
those files.
Second safe mode won't let you download any file even if you'r loggued as admin.
> sometime the action=download doesn't work , so i tried action=read
> /admin/file_manager.php?action=read&filename=../../../../
>
>
This will read the catalog folder, what is vurnerable ?
[ reply ]