The writeup details a remote file deletion vulnerability in Pivot 1.40.6 due to improper handling of the `refkey` parameter in `count.php`, allowing deletion of arbitrary files when `register_globals` is enabled. The analysis includes code snippets and a proof-of-concept URL demonstrating the exploit.
Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Pivot 1.40.6
No auth needed
Prerequisites: register_globals enabled · knowledge of target file paths