https://www.exploit-db.com/exploits/24796
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200501-125

BlogTorrent是PHP脚本设计的用于发布bittorrent资源的Web应用。BlogTorrentpreview0.8版本中的btdonload.php存在目录遍历漏洞。远程攻击者可通过在file参数中使用”..”的方式，获取主机上任意文件。

source: http://www.securityfocus.com/bid/11795/info

It is reported that Blog Torrent is prone to a remote directory traversal vulnerability. This issue is due to a failure of the server process to properly filter user supplied input. 

Blog Torrent preview 0.8 version is affected by this vulnerability.

htp://www.example.com/battletorrent/btdownload.php?type=torrent&file=../../etc/passwd

来源:BID
名称:11795
链接:http://www.securityfocus.com/bid/11795
来源:BUGTRAQ
名称:20041202BlogTorrentpreview0.8-arbitaryfiledownload
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110200971917165&w;=2
来源:XF
名称:blogtorrent-btdownloadphp-dir-traversal(18356)
链接:http://xforce.iss.net/xforce/xfdb/18356
来源:cvs.sourceforge.net接:http://cvs.sourceforge.net/viewcvs.py/battletorrent/btorrent_server/btdownload.php?r1=1.6&r2;=1.7