9 lines
No EOL
615 B
Text
9 lines
No EOL
615 B
Text
source: http://www.securityfocus.com/bid/13636/info
|
|
|
|
PostNuke Blocks module is affected by a directory traversal vulnerability.
|
|
|
|
The problem presents itself when an attacker passes a name for a target file, along with directory traversal sequences, to the affected application.
|
|
|
|
An attacker may leverage this issue to disclose arbitrary files on an affected computer. It was also reported that an attacker can supply NULL bytes with a target file name. This may aid in other attacks such as crashing the server.
|
|
|
|
http://www.example.com/index.php?module=Blocks&type=lang&func=../../../../../../etc/passwd%00 |