BugTraq
cyask 3.x Local File Inclusion Vulnerability
Sep 18 2008 06:50AM
xuanmumu gmail com
This vulnerability allows the attacker to read any file on your webserver when cyask is installed on it.

The $neturl variable in collect.php is not checked sufficiently. When the attacker registers a new user, he can pass the user check and then submit any filename to $neturl so that collect.php ca...

Copyright 2010, SecurityFocus