This is a detailed technical writeup describing a directory traversal vulnerability in Kohana Framework v2.3.3. The vulnerability is located in the `master/classes/Kohana/Filebrowser.php` file, where the `str_replace` function fails to properly sanitize path inputs, allowing attackers to bypass validation and read arbitrary system files.
Classification
Writeup 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:Kohana Framework v2.3.3
No auth needed
Prerequisites:Access to the vulnerable Kohana application