Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Blog Torrent Remote Directory Traversal Vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
Blog Torrent
by:
5
CVSS
MEDIUM
Remote Directory Traversal
22
CWE
Product Name: Blog Torrent
Affected Version From: 0.8
Affected Version To: 0.8
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Blog Torrent Remote Directory Traversal Vulnerability

The vulnerability allows an attacker to access arbitrary files on the server by manipulating the 'file' parameter in the URL. By including '../' sequences, an attacker can traverse directories and access sensitive files such as the password file (/etc/passwd).

Mitigation:

Apply patches or updates provided by the vendor to fix the vulnerability. Restrict access to the affected URL or implement proper input validation to prevent directory traversal attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11795/info

It is reported that Blog Torrent is prone to a remote directory traversal vulnerability. This issue is due to a failure of the server process to properly filter user supplied input. 

Blog Torrent preview 0.8 version is affected by this vulnerability.

htp://www.example.com/battletorrent/btdownload.php?type=torrent&file=../../etc/passwd

Navigation

Suggest Exploit

Services By CQR