| VID | 21414 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description |
The Blog Torrent program has a directory traversal vulnerability in 'btdownload.php'. Blog Torrent is a BitTorrent file-sharing program for PHP web sites on Unix-based operating systems. Blog Torrent Preview Version 0.8 allows a remote attacker to traverse arbitrary directories on the system because the application fails to properly filter user-supplied input. By sending a specially crafted URL request to the 'btdownload.php' script containing malicious data in the 'file' parameter, a remote attacker could traverse directories and view arbitrary files with the privileges of the target web server.
* References: http://securitytracker.com/alerts/2004/Dec/1012390.html
* Platforms Affected: Blog Torrent Preview Version 0.8; Unix (any version); Linux (any version) |
| Recommendation |
Upgrade to the latest version of Blog Torrent (version 1.7, Wed Dec 1 01:06:56 2004 UTC or later), available from the Blog Torrent CVS Repository Web site at http://cvs.sourceforge.net/viewcvs.py/battletorrent/btorrent_server/btdownload.php?r1=1.6&r2=1.7 |
| Related URL | CVE-2004-1212 (CVE) |
| Related URL | 11795 (SecurityFocus) |
| Related URL | 18356 (ISS) |