7 lines
No EOL
534 B
Text
7 lines
No EOL
534 B
Text
source: http://www.securityfocus.com/bid/8236/info
|
|
|
|
It has been reported that attackers may be able to modify the 'location' variable passed to the index.php file to cause the Web server to return arbitrary files. This script is prone to a directory traversal vulnerability, allowing attackers to retrieve any file residing on the filesystem readable by the Web server user.
|
|
|
|
http://www.example.com/atomicboard/index.php?location=../../../../../../etc/passwd
|
|
|
|
http://www.example.com/AtomicBoard-0.6.2/index.php?location=anything |