9 lines
No EOL
595 B
Text
9 lines
No EOL
595 B
Text
source: http://www.securityfocus.com/bid/6644/info
|
|
|
|
A problem with MyRoom may make it possible for remote attackers to upload files to a vulnerable system.
|
|
|
|
Due to inadequate security checks performed by some PHP scripts, an attacker is able to upload arbitrary files to the system.
|
|
|
|
Given the ability to upload arbitrary files to the host, an attacker can exploit this vulnerability to upload malicious applications to the vulnerable system or use the system for the storage of files.
|
|
|
|
http://www.example.org/room/save_item.php?name=[NAME]&ref=test&photo=../inc/conf.php&photo_type=ttxt |