7 lines
No EOL
435 B
Text
7 lines
No EOL
435 B
Text
source: http://www.securityfocus.com/bid/7737/info
|
|
|
|
Shoutbox is prone to directory traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to URI parameters.
|
|
|
|
An attacker can exploit this vulnerability by manipulating the value of the affected 'conf' URI parameter to obtain any files readable by the web server.
|
|
|
|
http://blablabla.com/shoutbox.php?conf=../../../../../../../etc/passwd |