https://www.exploit-db.com/exploits/24131
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-486

DSMLightWebFileBrowser2.0版本的explorer.php存在目录遍历漏洞。远程攻击者借助wdir参数中的..(点点）读取任意文件。

source: http://www.securityfocus.com/bid/10381/info

DSM Light has been reported to be prone to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

This issue would allow an attacker to view arbitrary, web-readable files on the affected computer. This may aid an attacker in conducting further attacks against the vulnerable computer.

http://www.example.com/htmlarea/popups/explorer.php?wdir=/../../../../../../../../../../etc

来源:BID
名称:10381
链接:http://www.securityfocus.com/bid/10381