Fokiz icon indicating copy to clipboard operation
Fokiz copied to clipboard

Published 20 hours ago verified publisher icon ksafranski

Path traversal and content visibility

Open antirais opened this issue 11 years ago • 0 comments

Logged in user (editor) can list folder content with URL traversal.

[Example attacks] [Notes: List shows up style="display:none", change it to see the content]

  • http://localhost/system/admin/editor/filemgr/modules/folders.php POST:dir=../
  • http://localhost/system/admin/editor/filemgr/modules/files.php?dir=..%2f..%2f..%2f..%2fetc%2f

antirais avatar Jul 15 '13 16:07 antirais