PHP Web Scripts Text Exchange Pro 'page' Parameter Local File Include Vulnerability

2012-08-24T00:00:00
ID EDB-ID:37674
Type exploitdb
Reporter Yakir Wizman
Modified 2012-08-24T00:00:00

Description

PHP Web Scripts Text Exchange Pro 'page' Parameter Local File Include Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/55205/info

PHP Web Scripts Text Exchange Pro is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process. This may aid in further attacks. 

http://www.example.com/textexchangepro/index.php?page=../../../../../../../../../../etc/passwd%00