aerouk
commented
7 years ago The path traversal exploit didn't work on my production server, but I'll go ahead and merge this to be safe. Many thanks for your time and investigation!
Closed ssl closed 7 years ago
aerouk
commented
7 years ago The path traversal exploit didn't work on my production server, but I'll go ahead and merge this to be safe. Many thanks for your time and investigation!
REQUEST_URI is not parsed by PHP - only by new browsers. Can be used for XSS with curl or for example file get contents.
[url]?x="><h1>Hi</h1>Using path travel and viewer.php you can get files like the config file.
[url]/viewer.php?type=png&file=../png/../png/../png/jAfQv