Directory traversal

Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the prefixdir parameter...

CVE-2008-1696

Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the prefixdir parameter...

CVE-2008-1696

The CVE-2008-1696 entry describes a directory traversal vulnerability in makepost.php of DaZPHPNews 0.1-1. Exploitation requires register_globals enabled and magic_quotes_gpc disabled, allowing an attacker to include and execute arbitrary local files by injecting dots (..) in the prefixdir parame...

dazphp-lfi.txt

Script Name : DaZPHP Download : http://sourceforge.net/project/showfiles.php?groupid=132192 Vul CodeExample : http://site/Path/makepost.php?prefixdir=../../../../../../etc/passwd Error : include "./".$prefixdir."/DaZPHPNews-0.1-1/makepost.php"; Greetz : Kezzap66345 - Str0ke - Dread 35...

DaZPHP 0.1 - prefixdir Local File Inclusion

DaZPHP 0.1 - prefixdir Local File Inclusion Script Name : DaZPHP Download : http://sourceforge.net/project/showfiles.php?groupid=132192 Vul CodeExample : http://site/Path/makepost.php?prefixdir=../../../../../../etc/passwd Error : include "./".$prefixdir."/DaZPHPNews-0.1-1/makepost.php"; Greetz :...

DaZPHP 0.1 (prefixdir) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ========================================================= DaZPHP 0.1 prefixdir Local File Inclusion Vulnerability ========================================================= Script Name : DaZPHP Vul CodeExample :...