header-logo
Suggest Exploit
vendor:
Blog Torrent
by:
5
CVSS
MEDIUM
Remote Directory Traversal
22
CWE
Product Name: Blog Torrent
Affected Version From: 0.8
Affected Version To: 0.8
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Blog Torrent Remote Directory Traversal Vulnerability

The vulnerability allows an attacker to access arbitrary files on the server by manipulating the 'file' parameter in the URL. By including '../' sequences, an attacker can traverse directories and access sensitive files such as the password file (/etc/passwd).

Mitigation:

Apply patches or updates provided by the vendor to fix the vulnerability. Restrict access to the affected URL or implement proper input validation to prevent directory traversal attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11795/info

It is reported that Blog Torrent is prone to a remote directory traversal vulnerability. This issue is due to a failure of the server process to properly filter user supplied input. 

Blog Torrent preview 0.8 version is affected by this vulnerability.

htp://www.example.com/battletorrent/btdownload.php?type=torrent&file=../../etc/passwd

Navigation

Suggest Exploit

Services By CQR