https://www.exploit-db.com/exploits/23724
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200411-082

OWLS1.0存在目录遍历漏洞。远程攻击者可以借助以下参数中的..（点点）读取任意文件（1）index.php中的file参数，（2）glossary.php中的editfile，或者（3）newmultiplechoice.php中的editfile。

source: http://www.securityfocus.com/bid/9689/info
  
Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter.
  
Upon successful exploitation of these issues, an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.

http://www.example.org/owls/workshop/newmultiplechoice.php?edit=1&editfile=../../../../../../../../../../../../../../../etc/passwd

来源:XF
名称:owls-file-retrieval(15249)
链接:http://xforce.iss.net/xforce/xfdb/15249
来源:www.zone-h.org
链接:http://www.zone-h.org/en/advisories/read/id=3973/
来源:BID
名称:9689
链接:http://www.securityfocus.com/bid/9689
来源:BUGTRAQ
名称:20040218ZH2004-08SA(securityadvisory):OWLS1.0Remotearbitraryfiles
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107712123305706&w;=2