*Note: Email address will appear as "user domain ext" to prevent harvesting.
cyask 3.x Local File Inclusion Vulnerability
Sep 18 2008 06:50AM
xuanmumu gmail com
This vulnerability allows an attacker to read any file on your web server when cyask is installed on it.
The $neturl variable in collect.php is not sufficiently checked. When the attacker registers a new user, he can pass the user check and then submit any filename to $neturl so that collect.php ca...
Copyright 2010, SecurityFocus