Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66575 | vdb entry |
| http://www.exploit-db.com/exploits/17127 | exploit |
| http://osvdb.org/71721 | vdb entry |
| http://osvdb.org/71719 | vdb entry, exploit |
| http://www.autosectools.com/Advisories/eyeOS.2.3_Local.File.Inclusion_173.html | exploit |
| http://www.securityfocus.com/bid/47184 | vdb entry, exploit |
| http://blog.eyeos.org/en/2011/04/07/about-some-eyeos-security-issues/ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66574 | vdb entry |
| http://secunia.com/advisories/43997 | third party advisory, vendor advisory |
| http://secunia.com/advisories/43818 | third party advisory, vendor advisory |