ClanSphere 2007.4.4 - 'install.php' Local File Include Vulnerability

2008-01-28T00:00:00
ID EDB-ID:31067
Type exploitdb
Reporter p4imi0
Modified 2008-01-28T00:00:00

Description

ClanSphere 2007.4.4 'install.php' Local File Include Vulnerability. CVE- 2008-0489. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/27471/info

ClanSphere is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to access potentially sensitive information that may aid in further attacks.

ClanSphere 2007.4.4 is vulnerable to this issue; other versions may also be affected. 

http://www.example.com/install.php?lang=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00