This is a writeup describing a directory traversal vulnerability in ffileman 7.0, a Perl-based web file manager. The vulnerability allows authenticated attackers to access local files by manipulating the 'direkt' parameter with '../' sequences.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:ffileman 7.0
Auth required
Prerequisites:Authenticated session · Access to the 'direkt' parameter