Vulnerabilities > CVE-2004-0303 - Remote File Disclosure vulnerability in Owl's Workshop
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Fool's Workshop Owl's Workshop 1.0 readings/index.php Arbitrary File Access. CVE-2004-0303. Webapps exploit for php platform id EDB-ID:23726 last seen 2016-02-02 modified 2004-02-18 published 2004-02-18 reporter G00db0y source https://www.exploit-db.com/download/23726/ title Fool's Workshop Owl's Workshop 1.0 readings/index.php Arbitrary File Access description Fool's Workshop Owl's Workshop 1.0 glossaries/index.php file Parameter Arbitrary File Access. CVE-2004-0303. Webapps exploit for php platform id EDB-ID:23725 last seen 2016-02-02 modified 2004-02-18 published 2004-02-18 reporter G00db0y source https://www.exploit-db.com/download/23725/ title Fool's Workshop Owl's Workshop 1.0 glossaries/index.php file Parameter Arbitrary File Access description Fool's Workshop Owl's Workshop 1.0 resultsignore.php Arbitrary File Accessa. CVE-2004-0303. Webapps exploit for php platform id EDB-ID:23727 last seen 2016-02-02 modified 2004-02-18 published 2004-02-18 reporter G00db0y source https://www.exploit-db.com/download/23727/ title Fool's Workshop Owl's Workshop 1.0 resultsignore.php Arbitrary File Access