[VIM] EV0014 question (fwd)
jericho at attrition.org
Fri Jan 6 07:42:43 EST 2006
---------- Forwarded message ----------
From: Support - eVuln.com
Date: Fri, 06 Jan 2006 17:17:15 +0300
Subject: Re: EV0014 question
> 1. Arbitrary script execution. Example:
> What script, fields or variables are affected by this?
Arbitrary script execution is possible when posting a link in the
messages like this: [a]http://host.com/[/a]
> 3. Directory Traversal Example:
> Registering new user.
> username: http://host/tpf/profile.php? action=view&uname=../../username
> So during registration, you can traverse to a different username.. but
> what does this do exactly? Overwrite an existing username with new data?
Sorry. There is a small mistake.
this link show users profile. so this vulnerability allays to view files
with some extentions.
Directory traversal is possible registration form too. It allows to
create files(with some extentions) on server (write access is needed)
More information about the VIM