The exploit demonstrates a file disclosure vulnerability in phpBugTracker v1.0.1 by manipulating the 'filename' parameter in 'attachment.php' to read arbitrary files, such as 'config.php'. This is a path traversal attack.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:phpBugTracker v1.0.1
No auth needed
Prerequisites:Access to the target web application