[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Torrential 1.2 getdox.php Directory Traversal

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Torrential 1.2 getdox.php Directory Traversal
From: Shell <shell6@xxxxxxxxx>
Date: Mon, 21 Nov 2005 20:59:30 -0500

I was poking around my own server because I had an installation of
torrential and found this vuln. The problem lies in getdox.php. It
works by taking an argument after a "/". This specifies a file. The
DOX folder that it grabs the files from is located int /dox such that
/ is the directory that the main index is in. Now, you can give it the
parameter of /(any file) and it will fetch that file.

EXAMPLES:
http://www.example.com/torrential/dox/getdox.php/../forums.php (goes
to the forums page)
http://www.example.com/torrential/dox/getdox.php/../../index.html
(goes to http://www.example.com/index.html in this case)

LOCATION FOR DOWNLOAD:
prdownloads.sourceforge.net/torrentbits/TBSource_-_Torrential_Beta_1.2-2005-09-25-1220-expert01.rar?download

I have already taken preventative measures on my site.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- [Full-disclosure] Re: Torrential 1.2 getdox.php Directory Traversal
  - From: Shell

Prev by Date: [Full-disclosure] Cisco PIX TCP Connection Prevention
Next by Date: [Full-disclosure] Secunia Research: Opera Command Line URL Shell Command Injection
Previous by thread: [Full-disclosure] Cisco PIX TCP Connection Prevention
Next by thread: [Full-disclosure] Re: Torrential 1.2 getdox.php Directory Traversal
Index(es):
- Date
- Thread