CVE-2006-2770 - Directory Traversal vulnerability in PPPBlog
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | NONE |
Availability impact | NONE |

Summary
Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0]. Successful exploitation requires that "register_globals" is enabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- description: pppBlog <= 0.3.8 (randompic.php) System Disclosure Exploit. CVE-2006-2770. Webapps exploit for php platform
- id: EDB-ID:1853
- last seen: 2016-01-31
- modified: 2006-05-31
- published: 2006-05-31
- reporter: rgod
- source: https://www.exploit-db.com/download/1853/
- title: pppBlog <= 0.3.8 randompic.php System Disclosure Exploit

- description: pppBlog <= 0.3.11 (randompic.php) File Disclosure Vulnerability. CVE-2006-2770. Webapps exploit for php platform
- id: EDB-ID:6972
- last seen: 2016-02-01
- modified: 2008-11-03
- published: 2008-11-03
- reporter: JosS
- source: https://www.exploit-db.com/download/6972/
- title: pppBlog <= 0.3.11 - randompic.php File Disclosure Vulnerability
References
- http://retrogod.altervista.org/pppblog_038_xpl.html
- http://secunia.com/advisories/20375
- http://securityreason.com/securityalert/1015
- http://securitytracker.com/id?1016198
- http://www.securityfocus.com/archive/1/435406/100/0/threaded
- http://www.securityfocus.com/bid/18189
- http://www.vupen.com/english/advisories/2006/2085
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26969