Home page logo
/

bugtraq logo Bugtraq mailing list archives

Barnraiser Prairie OpenID idp: Directory traversal attack
From: prairie () mailinator com
Date: Tue, 25 Jun 2013 10:09:01 GMT

The OpenID idp software "Barnraiser Prairie" 
http://www.barnraiser.org/prairie/ is vulnerable to directory traversal attacks:

./get_file.php does not limit the given path and allows directory traversal attacks with full public access to all 
images on the server.


Example exploit:
get_file.php?avatar=..&width=../../../../../../../../usr/share/apache2/icons/apache_pb.png


  By Date           By Thread  

Current thread:
  • Barnraiser Prairie OpenID idp: Directory traversal attack prairie (Jun 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]