Phpauction GPL index.php lan Variable Traversal Local File Inclusion

ID OSVDB:18999
Type osvdb
Reporter OSVDB
Modified 2005-07-07T13:45:26


Technical Description

Additionally, if an invalid file is requested, the resulting error message will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Manual Testing Notes

/phpauction-gpl-2.5/index.php?lan=../put/.inc.php/file/name/here
/phpauction-gpl-2.5/admin/index.php?lan=../put/.inc.php/file/name/here
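
An added example, not part of the OSVDB entry: a log check that flags requests to index.php whose lan parameter carries path characters, as in the test requests above. The Combined Log Format, the sample lines and the benign value EN are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_lan(value):
    """Return True if a lan value looks like a path rather than a language code."""
    # Decode repeatedly (bounded) so double-encoded sequences such as %252e are seen.
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return ".." in value or "/" in value or "\\" in value or "\x00" in value

def flag_requests(log_lines):
    """Return (line_number, target) for index.php requests with a suspicious lan."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        parts = urlsplit(target)
        if not parts.path.endswith("/index.php"):
            continue
        # parse_qs decodes once; keep_blank_values so "lan=" is still examined.
        for value in parse_qs(parts.query, keep_blank_values=True).get("lan", []):
            if suspicious_lan(value):
                hits.append((number, target))
                break
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Jul/2005:13:40:01 +0000] "GET /phpauction-gpl-2.5/index.php?lan=EN HTTP/1.1" 200 5120',
    '192.0.2.44 - - [07/Jul/2005:13:41:17 +0000] "GET /phpauction-gpl-2.5/index.php?lan=../put/.inc.php/file/name/here HTTP/1.1" 200 311',
    '192.0.2.44 - - [07/Jul/2005:13:41:30 +0000] "GET /phpauction-gpl-2.5/admin/index.php?lan=%2e%2e%2fput/.inc.php/file/name/here HTTP/1.1" 200 298',
    '192.0.2.10 - - [07/Jul/2005:13:42:02 +0000] "GET /phpauction-gpl-2.5/browse.php?id=7 HTTP/1.1" 200 2044',
]

if __name__ == "__main__":
    for number, target in flag_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A flagged request with a small response body is worth reading alongside the application error log, since the description above notes that an invalid file request returns an error message containing the installation path.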


Vendor URL:
Security Tracker: 1014423
Secunia Advisory ID: 15967
Related OSVDB ID: 18998
Related OSVDB ID: 18997
Related OSVDB ID: 19000
Other Advisory URL:
CVE-2005-2255