CuteNews index.php archive Variable Path Disclosure

2005-11-07T14:52:55
ID OSVDB:20901
Type osvdb
Reporter OSVDB
Modified 2005-11-07T14:52:55

Description

Manual Testing Notes

http://[target]/index.php?subaction=showfull&id=1128227686&archive=../../../../../../etc/passwd%00&start_from=&ucat=1&

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-11/0078.html CVE-2005-3592