TorrentFlux Downloaddetails.PHP Directory Traversal Vulnerability
BID:21525
Info
TorrentFlux Downloaddetails.PHP Directory Traversal Vulnerability
| Bugtraq ID: | 21525 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-6604 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 11 2006 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | r0ut3r is credited with the discovery of this vulnerability. |
| Vulnerable: |
TorrentFlux TorrentFlux 2.2 |
| Not Vulnerable: | |
Discussion
TorrentFlux Downloaddetails.PHP Directory Traversal Vulnerability
TorrentFlux is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid the attacker in further attacks.
TorrentFlux version 2.2 is reported vulnerable.
TorrentFlux is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid the attacker in further attacks.
TorrentFlux version 2.2 is reported vulnerable.
Exploit / POC
TorrentFlux Downloaddetails.PHP Directory Traversal Vulnerability
Attackers can exploit this issue via a web client.
The following proof-of-concept exploit is available:
Attackers can exploit this issue via a web client.
The following proof-of-concept exploit is available:
Solution / Fix
TorrentFlux Downloaddetails.PHP Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
TorrentFlux Downloaddetails.PHP Directory Traversal Vulnerability
References:
References:
- TorrentFlux Homepage (TorrentFlux)