Google Search: intitle:”View Img” inurl:viewimg.php
murfie rates this entry 6 out of 10.
Submitted: 2004-11-30 00:00:00
Added by: murfie
It is reported that the ‘viewing.php’ script does not properly validate user-supplied input in the ‘path’ variable. A remote user can submit a specially crafted URL to view a list of files within an arbitrary directory. See http://securitytracker.com/alerts/2004/Nov/1012312.html for more information.
2005-12-17 12:55:54 (userdan): If we can’t read the files themselves, this vuln doesn’t give us anything…