YingZhiPython – Directory Traversal / Arbitrary File Upload

• Exploit Database
• 15 阅读

• 作者： Larry Cashdollar
  日期： 2012-09-26
• 类别：

  • remote
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/37889/

• source: https://www.securityfocus.com/bid/55685/info
  
  An attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and to run it in the context of the web server process.
  
  YingZhiPython 1.9 is vulnerable; other versions may also be affected. 
  
  ftp://www.example.com/../../../../../../../private/etc/passwd