Closed ssl closed 7 years ago
REQUEST_URI is not parsed by PHP - only by new browsers. Can be used for XSS with curl or for example file get contents. [url]?x="><h1>Hi</h1>
[url]?x="><h1>Hi</h1>
Using path travel and viewer.php you can get files like the config file. [url]/viewer.php?type=png&file=../png/../png/../png/jAfQv
[url]/viewer.php?type=png&file=../png/../png/../png/jAfQv
The path traversal exploit didn't work on my production server, but I'll go ahead and merge this to be safe. Many thanks for your time and investigation!
REQUEST_URI is not parsed by PHP - only by new browsers. Can be used for XSS with curl or for example file get contents.
[url]?x="><h1>Hi</h1>
Using path travel and viewer.php you can get files like the config file.
[url]/viewer.php?type=png&file=../png/../png/../png/jAfQv