intitle:"View Img" inurl:viewimg.php

  • 日期:2004-11-30
  • 类别:
  • 作者:anonymous
  • 语法:intitle:"View Img" inurl:viewimg.php
  • It is reported that the 'viewing.php' script does not properly validate user-supplied input in the 'path' variable. A remote user can submit a specially crafted URL to view a list of files within an arbitrary directory. See http://securitytracker.com/alerts/2004/Nov/1012312.html for more information.